----- Original Message ----
> From: Gary Gatten <ggat...@waddell.com>
> To: Adam Vande More <amvandem...@gmail.com>; Aflatoon Aflatooni
> <aaflato...@yahoo.com>
> Cc: freebsd-questions@freebsd.org
> Sent: Fri, October 9, 2009 5:53:10 PM
> Subject: RE: Security blocking question
>
> I might also add, if it's only a handful that have legitimate access
> requirements, maybe black hole all ip's from locations (countries, etc.)
> they'll never be in. We see a lot of bad traffic from well, certain
> countries and we simply null route them. Or if I feel like playing a
> bit I'll route them to a tar-pit and honey pot just to see what they do.
> Pretty entertaining sometimes! :)
>
>
My experience has been that honeypot is good to catch internal hackers.
I have also noticed that we get dictionary attacks from zombies in North
America. I have managed to capture a Perl script that they use and it just
retransmits the command from the IP of the server that have the Perl script
installed.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
