Perhaps we should just keep a central database of where the attempts are coming from.
We could even extend it to work like the RBL - connects are not allowed from IP's
that have attempted the exploit (an explanation page appears instead of the requested
page) and are listed in our blacklist. That might force ISP's to kick the k1dd13z off
their system. We could host the db on a webpage (searchable) and make it available
for download by the script that does the banning on a daily/hourly basis. We could
probably extend this to cover a few other exploits if this works. Would anyone use
this?
Sean Chittenden wrote:
> > > > Anybody know of any module I can use to hit back at these default.ida bozos
> > > > (i.e. keep them away from my IP addresses ?). I'm running apache/modperl on
> > > > Win32.
> > >
> > [snip]
> > > ::grin:: In the post he mentioned about trashing the kernel on NT so
> > > this might be kinda fun...
> >
> > Well you might think it's fun but there are those who'd say it's criminal.
>
> Sorry, you're right. I meant fun in the same way that Looney
> Toons and Wilie Coyote. Funny to watch a cartoon fall off a cliff, but
> not necessarily funny in life.
>
> > Please don't promote irresponsible ideas on the mod_perl List.
>
> My bad.... script kiddies, go away, grow up, be responsible, and
> look to other security oriented lists such as incidents and bugtraq for
> bad ideas. -sc
>
> PS <line type="fine" personal_opinion="true">Bad ideas aren't
> bad, execution of bad ideas is bad.</line>
>
> --
> Sean Chittenden
>
> ------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature
--
Mark Maunder
Senior Architect
SwiftCamel Software
http://www.swiftcamel.com
mailto:[EMAIL PROTECTED]
