On 23 Aug 2003, Jason Dixon wrote:

> On Sat, 2003-08-23 at 10:31, Reuben D. Budiardja wrote:

snip...

> I've seen multiple exploits that use the DEADBEEF string as part of the
> request. These range from Apache/win32 chunking attacks to PGP exploits
> to formmail exploits. The first thing I'd suggest is putting a firewall
> up (if you don't already) and blocking that client IP. Next, I'd make
> sure your box is sufficiently patched against all known exploits for the
> software you're running that is exposed to the Internet. Third, I'd
> send an email to "[EMAIL PROTECTED]" informing them of this
> attempted intrusion. Since this is a foreign block, you're not going
> to have much luck escalating it to an upstream provider, since it looks
> like datapark.ch provides its own core connectivity.
>
> There are a lot of different things to do/consider. Regardless, your
> best course is to simply ensure that your systems are patched and not
> exploitable.

I've had so many break-in attempts from the far east that I started
blocking entire nets (i.e. 218.0.0.0). The last one was from an elementary
school somewhere in a town in China that I'd never heard of. I complained
to the admin and then all hell broke loose. I think I became the target
for every script kiddie over there. I assume the admin was the leader of
the pack???

Blocking entire nets really quieted things down a lot!

--
Gerry

"The lyfe so short, the craft so long to learne" Chaucer