No, you do not need another computer.  What was described was for use on
your current DCD setup.

And the scanning doesn't stop just because you load LaBrea.  I use it to
help slow down the spread of viruses.  From what I can tell, by using
LaBrea you also seem to pique one's interest in your IP for a bit longer
than the usual scans (not talking about port 80, I mean 21, 22, 111 etc.)

Good luck
Steve 

On Fri,  1 Mar 2002 11:34:52 -0800
"MLU " <[EMAIL PROTECTED]> wrote:

> Thank you Steve. That's great news. I will try it on the weekend and
> see how it goes with my system.
> 
> Another question? Seems to me from reading your instructions, I do not
> see anything mentioned about having a spare internal machine just for
> that purpose, so just want to double check with you on "Do I have to
> dedicate an internal machine for that purpose"? My system is a home-based
> so having another one would be a little bit ouch for me.
> 
> Have a very nice weekend Steve. You can now feel relieved about being
> scanned, right?
> 
> 
> 
> ---------- Original Message ----------------------------------
> From: Steve Jeppesen <[EMAIL PROTECTED]>
> Date:  Fri, 1 Mar 2002 10:27:17 -0600
> 
> >Sure no problem.
> >Simon had just posted pretty much the same thing what I did to make LaBrea
> >work with one IP, so I did not want to repeat what he posted.  I will send
> >you what I did anyways;
> >
> >*I am using Dachstein CD v1.0.2 with two network cards but only one
> >dynamically assigned IP*
> >
> >========================================================
> >#1 edit lrpkg.cfg to contain ifconfig and LaBrea
> >
> >example:
> >
> >etc,ramlog,local,modules,dhclient,dhcpd,dnscache,weblet,psentry,libz,sshd,ssh,ifconfig,LaBrea
> >
> >========================================================
> >
> >#2 create a file called /etc/LaBrea.in which would contain:
> >
> >    dst host <IPADDR>
> >     and tcp[2:2] & 0xfc00 == 0
> >
> >=========================================================
> >
> >#3 create script file called /etc/ipupdate (to update and/or create
> >/etc/LaBrea.bpf)
> >which would contain:
> > 
> >#!/bin/sh
> >
> >IPADDR=`ip addr list label eth0 | grep inet | \
> >sed '1!d;s/^[^.0-9]*\([.0-9]*\).*$/\1/'`
> >
> >sed "s/<IPADDR>/$IPADDR/g" /etc/LaBrea.in >/etc/LaBrea.bpf
> >
> >=========================================================
> >
> >#4 Chmod /etc/ipupdate to 744 
> >
> >chmod 744 /etc/ipupdate
> >
> >=========================================================
> >
> >#5 Edit /etc/dhclient-exit-hooks and update with the following changes:
> >
> >change
> ># Reload networking to see new address
> >   reload_all
> >
> >to this
> ># Reload networking to see new address
> >   reload_all
> >   /etc/ipupdate
> >   svi LaBrea stop
> >   svi LaBrea start
> >
> >==========================================================
> >
> >#6 Mount CD-ROM and load ifconfig and LaBrea
> >
> >mount -t iso9660 /dev/cdrom /mnt
> >cd /mnt
> >lrpkg -i ifconfig
> >lrpkg -i LaBrea
> >cd ..
> >umount /mnt
> >
> >==========================================================
> >
> >#7 Stop the interface from running in promiscuous mode.
> >Edit /etc/init.d/LaBrea and update with the following changes:
> >
> >change
> >ifconfig eth0 promisc
> >
> >to this  
> >ifconfig eth0 -promisc
> >
> >==========================================================
> >
> >#8 Edit /etc/init.d/LaBrea and update OPTIONS= to this;
> >
> >OPTIONS="-i eth0 -l -p 80000 -z -x -F /etc/LaBrea.bpf"
> >
> >=========================================================
> >
> >#9 run ipupdate to create LaBrea.bpf and to test the ipupdate script
> >
> >/etc/ipupdate
> >
> >=========================================================
> >
> >what *my* /etc/LaBrea.bpf file should read (listed here as an example);
> >
> >     dst host 24.118.176.41
> >      and tcp[2:2] & 0xfc00 == 0
> >
> >=========================================================
> >
> >start LaBrea
> >
> >svi LaBrea start
> >
> >=========================================================
> >
> >That is all that is needed.  DO NOT FORGET THE -x OPTION IN STEP #8
> >
> >=========================================================
> >
> >I choose to not log port 80 scans anymore (that is up to you, it is not
> >required)
> >by editing /etc/ipfilter.conf (towards the end of the file is
> >the best way for me .. a n00B .. to describe where) to add the following
> >2 lines
> >
> >#Deny and don't log Code Red stuff on port 80
> >$IPCH -I input 3 -j DENY -p tcp -s 0/0 -d $EXTERN_IP/32 80 -i $EXTERN_IF
> >
> >=========================================================
> >
> >I have had pretty good success in running LaBrea.  Remember when adding
> >the word LaBrea to anything it is case sensitive.  Do not enter labrea,
> >enter it as LaBrea.  Just trying to give you some clues as to what to
> >watch for.
> >
> >Please read https://lists.sourceforge.net/lists/listinfo/leaf-user
> >to catch some of what Simon Bolduc posted concerning this same subject.
> >You may
> >find other ideas from what he uses, like I decided to remove the -v switch
> >in OPTIONS=
> >because with the -v switch, your logs will fill up in a matter of hours.
> >
> >To each their own.  Hope this helps you, let me know if you need any help.
> >Steve
> >
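
Added example, not part of the original thread: the step #3 script writes whatever the `ip addr` pipeline returns, so when eth0 has no address the filter becomes `dst host  and ...`. This sketch validates the address before replacing the filter and shows which destination ports the template's test `tcp[2:2] & 0xfc00 == 0` covers; `valid_ipv4`, `render_filter` and `low_port` are hypothetical helper names, and 192.0.2.10 is a constructed sample address.

```sh
#!/bin/sh
# Added example, not from the thread. Names below are hypothetical helpers.

# valid_ipv4 ADDR: succeed only for four decimal octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_filter ADDR TEMPLATE OUTPUT: same substitution as step #3, but a
# missing or malformed address leaves the previous OUTPUT untouched.
render_filter() {
    valid_ipv4 "$1" || { echo "ipupdate: bad address '$1'" >&2; return 1; }
    tmp="$3.tmp.$$"
    sed "s/<IPADDR>/$1/g" "$2" >"$tmp" && mv "$tmp" "$3" ||
        { rm -f "$tmp"; return 1; }
}

# low_port PORT: succeed when "tcp[2:2] & 0xfc00 == 0" would match, i.e. the
# top six bits of the 16-bit destination port are clear (port below 1024).
low_port() {
    [ $(( $1 & 0xfc00 )) -eq 0 ]
}

# Demo on constructed data: 192.0.2.10 is a documentation address.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'dst host <IPADDR>\n and tcp[2:2] & 0xfc00 == 0\n' >"$dir/LaBrea.in"
    render_filter 192.0.2.10 "$dir/LaBrea.in" "$dir/LaBrea.bpf"
    render_filter "" "$dir/LaBrea.in" "$dir/LaBrea.bpf" 2>/dev/null ||
        echo "empty address rejected, filter kept:"
    cat "$dir/LaBrea.bpf"
    for p in 22 111 1023 1024 8080; do
        low_port "$p" && echo "port $p: matched" || echo "port $p: not matched"
    done
    rm -rf "$dir"
}
demo
```
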

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
