Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-28 Thread nDiScReEt

On Saturday 25 May 2002 11:25 pm, Femme wrote:
 On Sat, 25 May 2002 20:50:16 -0700

 James [EMAIL PROTECTED] wrote:
  Check your commonhttpd.conf file, (/etc/httpd/conf/ ) but usually the
  default allows you to follow symlinks (in the past) if not look for
 
  # Each directory to which Apache has access, can be configured with respect
  # to which services and features are allowed and/or disabled in that
  # directory (and its subdirectories).
  #
  # First, we configure the default to be a very restrictive set of
  # permissions.
  #
  # Also, for security, we disable indexes globally
  #
  <Directory />
  Options -Indexes FollowSymLinks
  AllowOverride None
  </Directory>
 
 
  and make it look like the above.  Then go to var/www/html and type
  ln -s /absolute/path/to/my/directory directory  This will then be the same
  as moving them physically there.  It's a hack but it works.
 
  James

 *giggles* Hacks are cool.  Thx mucho James.  I'll try your idea /or
 ndiscreets.  Not sure which yet will yield better results.

 As an aside, any chance someone can point me to a newbie-fied apache
 install/maintenance URL?  I'm pretty useless with HTML/web
 stuff...having never tried it, but am a fast learner *Smiles*.

 Thx for all you guys' help!  I hope to get this working soon...lord
 knows I've learned alot since I asked what I thought was a simple
 question. Heh, never underestimate the power of linux to make it complex
 fast :)

 Femme
As far as the apache maintenance, that would depend on what version you are 
currently using (ie apache 1.3 or apache 2.0). HTML/web tutorial, I would 
recommend http://www.webmonkey.com.


-- 

Altoine B
Maximum Time Unlimited
Chicago Based and Operated

The Great Movie Posters:

SCENES THAT WILL STAGGER YOUR SIGHT!
-- DANCING CALLED GO-GO
-- MUSIC CALLED JU-JU
-- NARCOTICS CALLED BANGI!
-- FIRES OF PUBERTY!
SEE the burning of a virgin!
SEE power of witch doctor over women!
SEE pygmies with fantastic Physical Endowments!!!
-- Kwaheri (1965)

The Big Comedy of Nineteen-Sexty-Sex!
-- Boeing-Boeing (1965)

AN ASTRONAUT WENT UP-
A GUESS WHAT CAME DOWN!
The picture that comes complete with a 10-foot tall monster to
give you the wim-wams!
-- Monster a Go-Go (1965)
---
2.4.18-16mdk
Mandrake Linux release 8.3 (Cooker) for i586






Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com



Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-28 Thread FemmeFatale

nDiScReEt wrote:

  Thx for all you guys' help!  I hope to get this working soon...lord
  knows I've learned alot since I asked what I thought was a simple
  question. Heh, never underestimate the power of linux to make it complex
  fast :)
 
  Femme
 As far as the apache maintenance, that would depend on what version you are
 currently using (ie apache 1.3 or apache 2.0). HTML/web tutorial, I would
 recommend http://www.webmonkey.com.
 

Ty. The more tutorials for me that I read, the better.  :)

-- 
Femme

Good Decisions You boss Made:

We'll do as you suggest and go with Linux.  I've always liked that
character from Peanuts.

- Source: Dilbert







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-26 Thread Bill Kenworthy

Mount your win32/ntfs(ro) partitions (where the files reside) and either
serve from them or symlink into the path if required.

BillK

On Sun, 2002-05-26 at 08:11, Femme wrote:
 On Sat, 25 May 2002 19:43:23 -0300
 WOOkY [EMAIL PROTECTED] wrote:
 

 I'm trying to make a ftp-like thing for ppl on the lists.  So I can
 serve small files to friends  list ppl here.
 
 What was suggested was using Apache for this, dumping files into a
 direrctory  Using it that way.  Unfortunately that will not work as my
 Linux partition is too small to hold teh files.
 








Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-26 Thread Jeferson Lopes Zacco



Femme wrote:


 
 *giggles* Hacks are cool.  Thx mucho James.  I'll try your idea /or
 ndiscreets.  Not sure which yet will yield better results.  
 
 As an aside, any chance someone can point me to a newbie-fied apache
 install/maintenance URL?  I'm pretty useless with HTML/web
 stuff...having never tried it, but am a fast learner *Smiles*.  
 
 Thx for all you guys' help!  I hope to get this working soon...lord
 knows I've learned alot since I asked what I thought was a simple
 question. Heh, never underestimate the power of linux to make it complex
 fast :)
 
 Femme


Guess you really didn't notice they both suggested the same thing (ops, 
include me and Civ also)? James gave you a nice tip that apache should 
be configured to actually follow symlinks, but if I remember it well 
that's the default behaviour.


Wooky


-- 
--
shinjiteiru shinjirareru,
korekara aruku kono michi wo!
kimi ga iru yo, boku ga iru yo
sore ijou nani mo iranai.
umareta imi ,sagasu yori mo
ima ikiteru koto kanjite,
kotae yori mo, daiji na mono
hitotsu hitotsu mitsuketeiku...







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-26 Thread FemmeFatale

Bill Kenworthy wrote:
 
 Mount your win32/ntfs(ro) partitions (where the files reside) and either
 serve from them or symlink into the path if required.
 
 BillK
 
 On Sun, 2002-05-26 at 08:11, Femme wrote:
  On Sat, 25 May 2002 19:43:23 -0300
  WOOkY [EMAIL PROTECTED] wrote:
 
 
  I'm trying to make a ftp-like thing for ppl on the lists.  So I can
  serve small files to friends  list ppl here.
 
  What was suggested was using Apache for this, dumping files into a
  direrctory  Using it that way.  Unfortunately that will not work as my
  Linux partition is too small to hold teh files.
 
 

ty, thats what has been suggested by others.  Heh, I even got
step-by-step instructions ;)  Merci

For those wishing it, it's Sunday here & the ftp is up in windows for the
moment. same login/pass @ 142.173.217.236, port number 21

Upload or d/l if you wish.  the upload directory is already made under
the mp3 directory. 
Femme

Good Decisions You boss Made:

We'll do as you suggest and go with Linux.  I've always liked that
character from Peanuts.

- Source: Dilbert







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-26 Thread James

On Sat, 25 May 2002 22:25:10 -0600
Femme [EMAIL PROTECTED] wrote:

 On Sat, 25 May 2002 20:50:16 -0700
 James [EMAIL PROTECTED] wrote:
 
  Check your commonhttpd.conf file, (/etc/httpd/conf/ ) but usually
  the default allows you to follow symlinks (in the past) if not look
  for 
  
  # Each directory to which Apache has access, can be configured with respect
  # to which services and features are allowed and/or disabled in that
  # directory (and its subdirectories).
  #
  # First, we configure the default to be a very restrictive set of
  # permissions.
  #
  # Also, for security, we disable indexes globally
  #
  <Directory />
  Options -Indexes FollowSymLinks
  AllowOverride None
  </Directory>
  
  
  and make it look like the above.  Then go to var/www/html and type
  ln -s /absolute/path/to/my/directory directory  This will then be the
  same as moving them physically there.  It's a hack but it
  works.
  
  James
  
 
 *giggles* Hacks are cool.  Thx mucho James.  I'll try your idea /or
 ndiscreets.  Not sure which yet will yield better results.  
 
 As an aside, any chance someone can point me to a newbie-fied apache
 install/maintenance URL?  I'm pretty useless with HTML/web
 stuff...having never tried it, but am a fast learner *Smiles*. 

www.webmin.com webmin should already be on your box... go to
https://your.ip.number.here:1 (note the https not http) and login
with root  and root's passwd.  Under servers you'll find tools to admin
apache.  As for HTML, well, use the composer in Mozilla... It's a pretty
good WYSIWYG tool.

James
 
 
 Thx for all you guys' help!  I hope to get this working soon...lord
 knows I've learned alot since I asked what I thought was a simple
 question. Heh, never underestimate the power of linux to make it
 complex fast :)
 
 Femme
 
 






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-26 Thread FemmeFatale

Jeferson Lopes Zacco wrote:
 
 Femme wrote:
 
 
  *giggles* Hacks are cool.  Thx mucho James.  I'll try your idea /or
  ndiscreets.  Not sure which yet will yield better results.
 
  As an aside, any chance someone can point me to a newbie-fied apache
  install/maintenance URL?  I'm pretty useless with HTML/web
  stuff...having never tried it, but am a fast learner *Smiles*.
 
  Thx for all you guys' help!  I hope to get this working soon...lord
  knows I've learned alot since I asked what I thought was a simple
  question. Heh, never underestimate the power of linux to make it complex
  fast :)
 
  Femme
 
 Guess you really didn't notice they both suggested the same thing (ops,
 include me and Civ also)? James gave you a nice tip that apache should
 be configured to actually follow symlinks, but if I remember it well
 that's the default behaviour.
 
 Wooky

Sorta noticed, yes.  Is why I thank you all :) 

I'm still unsure of some things and don't always understand things right
off either.  A failing of mine... :)  

-- 
Femme

Good Decisions You boss Made:

We'll do as you suggest and go with Linux.  I've always liked that
character from Peanuts.

- Source: Dilbert







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-26 Thread FemmeFatale

James wrote:
 
 On Sat, 25 May 2002 22:25:10 -0600

 
  *giggles* Hacks are cool.  Thx mucho James.  I'll try your idea /or
  ndiscreets.  Not sure which yet will yield better results.
 
  As an aside, any chance someone can point me to a newbie-fied apache
  install/maintenance URL?  I'm pretty useless with HTML/web
  stuff...having never tried it, but am a fast learner *Smiles*.
 
 www.webmin.com webmin should already be on your box... go to
 https://your.ip.number.here:1 (note the https not http) and login
 with root  and root's passwd.  Under servers you'll find tools to admin
 apache.  As for HTML, well, use the composer in Mozilla... It's a pretty
 good WYSIWYG tool.
 
 James
 

Hm... Webmin scared me last time I used it... lots of things in there to
screw up.  But I'l give it another go, thx James.

-- 
Femme

Good Decisions You boss Made:

We'll do as you suggest and go with Linux.  I've always liked that
character from Peanuts.

- Source: Dilbert







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-26 Thread nDiScReEt

 Guess you really didn't notice they both suggested the same thing (ops,
 include me and Civ also)? James gave you a nice tip that apache should
 be configured to actually follow symlinks, but if I remember it well
 that's the default behaviour.


 Wooky

Almost, the other guy's suggestion was close but scary. His method created a 
symlink directory named as the default server doc file itself! ...and at the 
root of the directory tree! Making the server useless to serve other docs 
properly. He would have to change the default from index.html to 
default.html, index.php, or something to that effect. My way is best and 
safest of us two. Wooky, you are correct that apache is configured to follow 
symlinks by default.

-- 

Altoine B
Maximum Time Unlimited
Chicago Based and Operated

Never go to bed mad, stay up and fight
-- Murphy's Laws on Sex n°57
---
2.4.18-16mdk
Mandrake Linux release 8.3 (Cooker) for i586








Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread David Relson

At 10:04 PM 5/24/02, Femme wrote:


Yes I'm seeing 1433 turn up a lot along with some suspicious ports :(

Don't know what to do about it. I reconfigured Bastille into a more
paranoid mode, and since I've done that 20 mins ago, it seems to be
holding up much more like the BrickWall it's supposed to be.

Crossing my fingers this continues.  I will run linux for a day or so &
see if this Firewall I just did in Linux will work as well as I hope it
shall.  Ty for your info.

What is 1433 anyway?  Sorry but I'm totally clueless :(


File /etc/services lists all the tcp and udp services, i.e. gives the names 
and port numbers.  Once you know the name of the service, the apropos 
command and google are resources for more info.







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread Femme

On Fri, 24 May 2002 22:59:13 -0700
James [EMAIL PROTECTED] wrote:

 Actually pretty easy.  cd to /var/www/html move any index.xxx files to
 index.xxx.old then put the files you want to share in this directory. 
 voila when people go to http://your.ip.number they get a list of files
 and can then http them down.(the old right click save as routine) 
 Quick and dirty.  The default action in apache et all is that when the
 index files aren't there just give a list of what is.
 
 James
 


OK James you piqued my intellectual stupidity switch. I'm going to try
this idea (however hare-brained I think it is :), and let the list know
I guess.  Caveat: if I come screaming back here to the list with no hair
left it's all YOUR fault ;p

Question:  The drive all the info is on is a FAT32 30GB partition of a
60GB drive.  You said I should dump all the files into a directory
(/var/www/html) yet I know they won't fit in here because my Linux
partition is only 10GB total. So...is there a way to point apache or
something to that drive's directory & tell it to serve files from where
they are now?  That is:  My mp3 directory is on /hdb1/mp3.  Will apache
be able to find/point to? that directory & just show users to that
directory when they login?  Let them d/l their files, logoff.  As I
cannot put all those mp3's on my linux partition that's the best idea I
have. 

Any help? :)

Thx 
Femme






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread Hicham A.

Hi Femme!

On Sat, 25 May 2002, Femme wrote:

 
 OK James you piqued my intellectual stupidity switch. Im going to try
 this idea (however hare-brained I think it is :), and let the list know
 I guess.  Caveat: if i come screaming back here to the list with no hair
 left its all YOUR fault ;p
 
 Question:  The drive all the info is on is a FAT32 30GB partition of a
 60GB drive.  You said i should dump all teh files into a directory
 (/var/www/html) yet I know they won't fit in here because my Linux
 partition is only 10GB total. So...is there a way to point apache or
 something to that drives directory  tell it to serve files from where
 they are now?  That is:  My mp3 directory is on /hdb1/mp3.  Will apache
 be able to find/point to? that directory  just show users to that
 directory when they login?  Let them d/l their files, logoff.  As I
 cannot put all those mp3's on my linux partition thats the best idea I
 have. 
 
 Any help? :)
 
 Thx 
 Femme
 

If you have enough space, you can try this:
mkdir ~/public_html
and copy all your mp3 dir there

To access the page:
http://your-ip/~your-login/mp3

for example, if my login is hicham, I'll try:
http://my-ip/~hicham/mp3



--
-. [EMAIL PROTECTED]-. + http://www.hicham.org  `.
-' hicham.org/gpgkey.txt  `'D599 D175 BC4D FAFD C902  353C EE51 DC73 B362 44FA
`-  --  - - -'





Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread civileme

Femme wrote:

On Fri, 24 May 2002 22:59:13 -0700
James [EMAIL PROTECTED] wrote:

Actually pretty easy.  cd to /var/www/html move any index.xxx files to
index.xxx.old then put the files you want to share in this directory. 
voila when people go to http://your.ip.number they get a list of files
and can then http them down.(the old right click save as routine) 
Quick and dirty.  The default action in apache et all is that when the
index files aren't there just give a list of what is.

James



OK James you piqued my intellectual stupidity switch. Im going to try
this idea (however hare-brained I think it is :), and let the list know
I guess.  Caveat: if i come screaming back here to the list with no hair
left its all YOUR fault ;p

Question:  The drive all the info is on is a FAT32 30GB partition of a
60GB drive.  You said i should dump all teh files into a directory
(/var/www/html) yet I know they won't fit in here because my Linux
partition is only 10GB total. So...is there a way to point apache or
something to that drives directory  tell it to serve files from where
they are now?  That is:  My mp3 directory is on /hdb1/mp3.  Will apache
be able to find/point to? that directory  just show users to that
directory when they login?  Let them d/l their files, logoff.  As I
cannot put all those mp3's on my linux partition thats the best idea I
have. 

Any help? :)

Thx 
Femme





Ummm, well, you could open a konqueror window (File manager super-user mode)

split the screen right-left
put one screen on your mp3 files
put one screen on /var/www/html

select the files you want in the mp3 collection
drag them all over to the other window
say Link instead of copy or move

Linux is nice that way :-)

Civileme









Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread WOOkY


-Original Message-
From: Hicham A. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, 25 May 2002 19:08
Subject: Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

I'm sorry I didn't quite follow what are you trying to do... you just want
to access files from your Win partition from Apache? Can't you just symlink
the directories?

Wooky









Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread Femme

On Sat, 25 May 2002 19:43:23 -0300
WOOkY [EMAIL PROTECTED] wrote:

 
 -Original Message-
 From: Hicham A. [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Saturday, 25 May 2002 19:08
 Subject: Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]
 
 I'm sorry I didn't quite follow what are you trying to do... you just
 want to access files from your Win partition from Apache? Can't you
 just symlink the directories?
 
 Wooky
 

I'm trying to make a ftp-like thing for ppl on the lists.  So I can
serve small files to friends & list ppl here.

What was suggested was using Apache for this, dumping files into a
directory & Using it that way.  Unfortunately that will not work as my
Linux partition is too small to hold the files.

Civilme seems to have given me an answer though (TY Luv).

I will try his suggestion next me thinks.  Right up there when/if I
figure out how to install/use apache without letting someone into my
system.  I don't need hackers today :)







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread WOOkY

Actually it was the same suggestion I gave... since he is a nicer guy than I
am, he just told you how to do it as well. :^) Of course, I'd rather do it
at the console, but that's the beauty of linux: freedom of choice. Good
Luck.

Wooky/Jeferson L. Zacco
  I'm sorry I didn't quite follow what are you trying to do... you just
  want to access files from your Win partition from Apache? Can't you
  just symlink the directories?
 
  Wooky
 

 I'm trying to make a ftp-like thing for ppl on the lists.  So I can
 serve small files to friends  list ppl here.

 What was suggested was using Apache for this, dumping files into a
 direrctory  Using it that way.  Unfortunately that will not work as my
 Linux partition is too small to hold teh files.

 Civilme seems to have given me an answer though (TY Luv).

 I will try his suggestion next me thinks.  Right up there when/if I
 figue out how to install/use apache without letting someone into my
 system.  I don't need hackers today :)

















Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread James

Check your commonhttpd.conf file, (/etc/httpd/conf/ ) but usually the
default allows you to follow symlinks (in the past) if not look for 

# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the default to be a very restrictive set of
# permissions.
#
# Also, for security, we disable indexes globally
#
<Directory />
Options -Indexes FollowSymLinks
AllowOverride None
</Directory>


and make it look like the above.  Then go to var/www/html and type ln -s
/absolute/path/to/my/directory directory  This will then be the same as
moving them physically there.  It's a hack but it works.

James


On Sat, 25 May 2002 15:24:08 -0600
Femme [EMAIL PROTECTED] wrote:

 On Fri, 24 May 2002 22:59:13 -0700
 James [EMAIL PROTECTED] wrote:
 
  Actually pretty easy.  cd to /var/www/html move any index.xxx files
  to index.xxx.old then put the files you want to share in this
  directory. voila when people go to http://your.ip.number they get a
  list of files and can then http them down.(the old right click save
  as routine) Quick and dirty.  The default action in apache et all is
  that when the index files aren't there just give a list of what is.
  
  James
  
 
 
 OK James you piqued my intellectual stupidity switch. Im going to try
 this idea (however hare-brained I think it is :), and let the list
 know I guess.  Caveat: if i come screaming back here to the list with
 no hair left its all YOUR fault ;p
 
 Question:  The drive all the info is on is a FAT32 30GB partition of a
 60GB drive.  You said i should dump all teh files into a directory
 (/var/www/html) yet I know they won't fit in here because my Linux
 partition is only 10GB total. So...is there a way to point apache or
 something to that drives directory  tell it to serve files from where
 they are now?  That is:  My mp3 directory is on /hdb1/mp3.  Will
 apache be able to find/point to? that directory  just show users to
 that directory when they login?  Let them d/l their files, logoff.  As
 I cannot put all those mp3's on my linux partition thats the best idea
 I have. 
 
 Any help? :)
 
 Thx 
 Femme
 
 






(fwd) Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread Hicham A.

I think that nDiScReEt wanted to send this mail here,
so I forwarded it.
 
- Forwarded message from nDiScReEt [EMAIL PROTECTED] -

From: nDiScReEt [EMAIL PROTECTED]
Subject: Re: honeyport/shutdown  [was: Re: [expert] OT, my ftp site]
To: [EMAIL PROTECTED]
Organization: Maximum Time Unlimited


 If you have enough space, you can try this:
 mkdir ~/public_html
 and copy all your mp3 dir there

 To access the page:
 http://your-ip/~your-login/mp3

 for example, if my login is hicham, I'll try:
 http://my-ip/~hicham/mp3

Or you can symlink the directory. Let us say that the other partition that 
contains the mp3 is mounted on windows. You would link the mp3 directory like 
so (YOu would already be in the /var/www/html directory):


ln -s /mnt/windows/share/mp3 mp3

This directory where your mp3s are located will have to be mounted first.

HTH

-- 

Altoine B
Maximum Time Unlimited
Chicago Based and Operated

The more you enjoy your research, the less data there is to support it. 
-- Murphy's Laws for Researchers n°7
---
2.4.18-16mdk
Mandrake Linux release 8.3 (Cooker) for i586



- End forwarded message -
--
-. [EMAIL PROTECTED]-. + http://www.hicham.org  `.
-' hicham.org/gpgkey.txt  `'D599 D175 BC4D FAFD C902  353C EE51 DC73 B362 44FA
`-  --  - - -'
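
Added example, not part of the original thread and not code from any poster: with FollowSymLinks enabled as in James's config, Apache serves whatever a link under /var/www/html points to, so it helps to list which links leave the web root or point at an unmounted partition, as in nDiScReEt's ln -s layout. It assumes a readlink that supports -f (GNU or BusyBox) and mktemp; the function names and the constructed sample tree are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Lists symbolic links under a web root
# whose target lies outside that root, or whose target is missing.
# Assumes `readlink -f` (GNU/BusyBox); function names are hypothetical.

# audit_docroot_symlinks DOCROOT
#   OUTSIDE  <link> -> <resolved target>   target exists, outside DOCROOT
#   DANGLING <link> -> <raw target>        target missing (e.g. not mounted)
# Links that stay inside DOCROOT are not reported. Returns 2 if DOCROOT is
# not a directory.
audit_docroot_symlinks() {
    docroot=$(readlink -f -- "$1") || return 2
    [ -d "$docroot" ] || return 2
    prefix=${docroot%/}        # "/" becomes "" so the pattern below is "/*"

    # find does not descend through symlinks here, so each link is listed
    # once; Apache with FollowSymLinks would follow it when serving.
    find "$docroot" -type l | while IFS= read -r link; do
        if [ ! -e "$link" ]; then
            printf 'DANGLING %s -> %s\n' "$link" "$(readlink -- "$link")"
            continue
        fi
        target=$(readlink -f -- "$link")
        # Compare with a trailing slash so /var/www/html2 is not mistaken
        # for something inside /var/www/html.
        case "$target/" in
            "$prefix"/*) ;;                                  # stays inside
            *) printf 'OUTSIDE %s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# build_sample_docroot DIR
# Constructed sample layout: DIR/html stands in for /var/www/html and
# DIR/windows/share/mp3 for the mounted partition mentioned in the thread.
build_sample_docroot() {
    mkdir -p "$1/html/docs" "$1/windows/share/mp3"
    : > "$1/html/docs/readme.txt"
    ln -s "$1/windows/share/mp3" "$1/html/mp3"       # leaves the web root
    ln -s docs "$1/html/manual"                      # stays inside
    ln -s /nonexistent/hdb1/mp3 "$1/html/old-mp3"    # target not mounted
}

# Usage: script --demo        audit the constructed sample tree
#        script /var/www/html audit a real web root
case "${1:-}" in
    "") ;;   # no argument: only define the functions
    --demo)
        demo_dir=$(mktemp -d)
        build_sample_docroot "$demo_dir"
        audit_docroot_symlinks "$demo_dir/html"
        rm -rf "$demo_dir"
        ;;
    *) audit_docroot_symlinks "$1" ;;
esac
```
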





Re: (fwd) Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread Femme

On Sun, 26 May 2002 00:13:14 -0400
Hicham A. [EMAIL PROTECTED] wrote:

 I think that nDiScReEt wanted to send this mail here,
 so I forwarded it.
  
 Or you can symlink the directory. Let us say that the other partition
 that contains the mp3 is mounted on windows. You would link the mp3
 directory like so (YOu would already be in the /var/www/html
 directory):
 
 
 ln -s /mnt/windows/share/mp3 mp3
 
 This directory where your mp3s are located will have to be mounted
 first.
 
 HTH
 

Allrighty!  This is what I was looking for !  TY nDiscreet ! :)  And
mucho thx  hugs to you Hiram ;)

Femme






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-25 Thread Femme

On Sat, 25 May 2002 20:50:16 -0700
James [EMAIL PROTECTED] wrote:

 Check your commonhttpd.conf file, (/etc/httpd/conf/ ) but usually the
 default allows you to follow symlinks (in the past) if not look for 
 
 # Each directory to which Apache has access, can be configured with respect
 # to which services and features are allowed and/or disabled in that
 # directory (and its subdirectories).
 #
 # First, we configure the default to be a very restrictive set of
 # permissions.
 #
 # Also, for security, we disable indexes globally
 #
 <Directory />
 Options -Indexes FollowSymLinks
 AllowOverride None
 </Directory>
 
 
 and make it look like the above.  Then go to var/www/html and type
 ln -s /absolute/path/to/my/directory directory  This will then be the same
 as moving them physically there.  It's a hack but it works.
 
 James
 

*giggles* Hacks are cool.  Thx mucho James.  I'll try your idea /or
ndiscreets.  Not sure which yet will yield better results.  

As an aside, any chance someone can point me to a newbie-fied apache
install/maintenance URL?  I'm pretty useless with HTML/web
stuff...having never tried it, but am a fast learner *Smiles*.  

Thx for all you guys' help!  I hope to get this working soon...lord
knows I've learned alot since I asked what I thought was a simple
question. Heh, never underestimate the power of linux to make it complex
fast :)

Femme






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread FemmeFatale

Pierre Fortin wrote:
 
 On Thu, 23 May 2002 23:15:52 -0800 civileme [EMAIL PROTECTED] wrote:
 
  Load up the honeyport for Nimda and the shutdown script for codered and
  see what happens
 
 Civileme,
 
 Where can I find the tools you're referring to...?  I have my own
 (http://pfortin.com/Linux/HoneyPort -- needs updating ) and am interested
 in anyone else's defense mechanisms...
 
 As to reflecting/responding to an attack, here's my position:
 http://pfortin.com/Linux/MSVTS/ -- in a nutshell:  SELF-DEFENSE!  :^)
 
 Thanks,
 Pierre
 

BTW, fwiw I found most of these kids are trying to get to my NETBios * i
do share a HDD with my g/f* and ssh/unix ports.  Makes me wonder if it
isn't someone on one of the lists..cause this started not long after i
posted the info on the ftp. :\

*hopes i'm wrong...sigh*
-- 
Femme

Good Decisions You boss Made:

We'll do as you suggest and go with Linux.  I've always liked that
character from Peanuts.

- Source: Dilbert







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread J. Craig Woods

FemmeFatale wrote:
 
 BTW, fwiw I found most of these kids are trying to get to my NETBios * i
 do share a HDD with my g/f* and ssh/unix ports.  Makes me wonder if it
 isn't someone on one of the lists..cause this started not long after i
 posted the info on the ftp. :\
 
 *hopes i'm wrong...sigh*
 

Femme, you need to talk to us. Am I the only one that feels your 
postings are somewhat cryptic? Are you being hit with a ddos type of 
attack? Why, if I might ask, are you running a ftp service using 
windows? Anyone here could refer you to many sites that would advise you 
against such an activity. Are you saying that you run your netbios on 
the internet, and what is a g/f*? Maybe it is just me that is out to 
lunch but if you want some help, you will need to be a bit more 
forthcoming.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread Brian


On Fri, 24 May 2002 18:48:41 -0600
Femme [EMAIL PROTECTED] wrote:

 On Fri, 24 May 2002 19:19:47 -0500
 J. Craig Woods [EMAIL PROTECTED] wrote:
 
  
  Femme, you need to talk to us. Am I the only one that feels your 
  postings are somewhat cryptic. Are you being hit with an ddos type of 
  attack? Why, if I might ask, are your running a ftp service using 
  windows? Anyone here could refer you to many sites that would advise
  you against such an activity. Are you saying that you run your netbios
  on the internet, and what is a g/f*. Maybe it is just me that is out
  to lunch but if you want some help, you will need to be a bit more 
  forthcoming
  
  drjung
  
 
 Sorry, I forget my shorthand isn't used by all.
 
 I'm running a small ftp for people on windows because that's all I knew,
 until recently finding Linux.  Linux is perfectly capable of doing this
 but I don't know how to use an ftp server in it.  So, I use windows for
 now.  It's a small ftp server using Serv-U as the server itself.
 
 As for Netbios, what's happening is my logs say someone is trying to get
 through to it.  Don't know why.  I thought it was because I share a hard
 drive with my girlfriend at home on a 3 computer LAN.  I'm behind a
 firewall called zone alarm, and it logs any connect attempts rather
 thoroughly.  I also have a log analyzing program that tells me what the
 logs mean, whose IP it was that tried to connect, type of connection
 logged, etc.
 
 What I want is simply to run a small ftp server for ppl on these lists
 & for close friends to connect to for documents & music.  Windows until
 the last 3 or 4 days, has done a fine job of it.  However in the last
 few days I've been getting knocked off line for whatever reason, and I
 suspect it's because of this ftp that's up & running.  It's the only
 plausible explanation I have other than my ISP is screwing up.
 
 I did call the ISP to see if there were any problems & the automated
 service they use told me there seem to be none in my area.
 
 Today I booted into linux, set up the Bastille firewall & made it pretty
 secure against outside interference.  I'm hoping that if it is a
 hacker/cracker trying to gain entry, bastille will log the attempts more
 thoroughly so I may find out what to do.  If it's just my isp I'm hoping
 that will be logged as well somehow.  I also hope if it is a cracker
 trying to get in, Bastille will do a better job of stopping them & I
 won't get knocked offline as was happening in Windows.
 
 Sorry if I haven't been very clear, been on painkillers for two days.
 Today is the first day I've got a clearer mind & I hope this explanation
 suffices for you Dr.Jung *s*.
 
 Thx for your help, if you can offer any on how to set up a small ftp (or
 something) to do what I need it to do.
 
 Femme
 

You might want to try ProFTP for your ftp server on linux.

It's pretty normal for you to see connection attempts blocked by zone alarm -
you are using visual zone to show the logs?  Right now you might be seeing more
attempts to connect to port 1433 than anything else unless your ISP is already
blocking that port.

--
Brian - [EMAIL PROTECTED]
My Home Page: http://www.brimac.com/~brianmac
Fine Photos: http://www.brimacphotography.com
Art for Sale: http://www.artbrowser.com
Classified Advertising: http://www.sellit2000.com


A lack of leadership is no substitute for inaction.




Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com



Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread civileme

FemmeFatale wrote:

Pierre Fortin wrote:

On Thu, 23 May 2002 23:15:52 -0800 civileme [EMAIL PROTECTED] wrote:

Load up the honeyport for Nimda and the shutdown script for codered and
see what happens

Civileme,

Where can I find the tools you're referring to...?  I have my own
(http://pfortin.com/Linux/HoneyPort -- needs updating ) and am interested
in anyone else's defense mechanisms...

As to reflecting/responding to an attack, here's my position:
http://pfortin.com/Linux/MSVTS/ -- in a nutshell:  SELF-DEFENSE!  :^)

Thanks,
Pierre


BTW, fwiw I found most of these kids are trying to get to my NETBios * I
do share a HDD with my g/f* and ssh/unix ports.  Makes me wonder if it
isn't someone on one of the lists..cause this started not long after I
posted the info on the ftp. :\

*hopes I'm wrong...sigh*





Hmmm, I seem to recall Microsoft had an anti-spoofing feature for ISPs
using NT that hit port 139 and shut you down if the response wasn't what
the program thought it should be (shut down linux workstations all over
the parts of Alaska served by a cable modem company for a while, at
intervals of 4 hours, and then a reboot into windows was necessary to
get the link activated), but this sounds like lots more queries aimed
at 139.

Civileme










Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread Femme

On Fri, 24 May 2002 18:51:02 -0700
Brian [EMAIL PROTECTED] wrote:

 
 On Fri, 24 May 2002 18:48:41 -0600
 Femme [EMAIL PROTECTED] wrote:
 
  On Fri, 24 May 2002 19:19:47 -0500
  J. Craig Woods [EMAIL PROTECTED] wrote:
  
   
   Femme, you need to talk to us. Am I the only one that feels your
   postings are somewhat cryptic? Are you being hit with a ddos type
   of attack? Why, if I might ask, are you running an ftp service
   using windows? Anyone here could refer you to many sites that
   would advise you against such an activity. Are you saying that you
   run your netbios on the internet, and what is a g/f*? Maybe it
   is just me that is out to lunch but if you want some help, you
   will need to be a bit more forthcoming
   
   drjung
   
  
  Sorry, I forget my shorthand isn't used by all.
  
  I'm running a small ftp for people on windows because that's all I
  knew, until recently finding Linux.  Linux is perfectly capable of
  doing this but I don't know how to use an ftp server in it.  So, I
  use windows for now.  It's a small ftp server using Serv-U as the
  server itself.
  
  As for Netbios, what's happening is my logs say someone is trying to
  get through to it.  Don't know why.  I thought it was because I
  share a hard drive with my girlfriend at home on a 3 computer LAN.
  I'm behind a firewall called zone alarm, and it logs any connect
  attempts rather thoroughly.  I also have a log analyzing program
  that tells me what the logs mean, whose IP it was that tried to
  connect, type of connection logged, etc.
  
  What I want is simply to run a small ftp server for ppl on these
  lists & for close friends to connect to for documents & music.
  Windows until the last 3 or 4 days, has done a fine job of it.
  However in the last few days I've been getting knocked off line for
  whatever reason, and I suspect it's because of this ftp that's up &
  running.  It's the only plausible explanation I have other than my
  ISP is screwing up.
  
  I did call the ISP to see if there were any problems & the automated
  service they use told me there seem to be none in my area.
  
  Today I booted into linux, set up the Bastille firewall & made it
  pretty secure against outside interference.  I'm hoping that if it
  is a hacker/cracker trying to gain entry, bastille will log the
  attempts more thoroughly so I may find out what to do.  If it's just
  my isp I'm hoping that will be logged as well somehow.  I also hope
  if it is a cracker trying to get in, Bastille will do a better job
  of stopping them & I won't get knocked offline as was happening in
  Windows.
  
  Sorry if I haven't been very clear, been on painkillers for two
  days. Today is the first day I've got a clearer mind & I hope this
  explanation suffices for you Dr.Jung *s*.
  
  Thx for your help, if you can offer any on how to set up a small ftp
  (or something) to do what I need it to do.
  
  Femme
  
 
 You might want to try ProFTP for your ftp server on linux.
 
 It's pretty normal for you to see connection attempts blocked by zone
 alarm - you are using visual zone to show the logs?  Right now you
 might be seeing more attempts to connect to port 1433 than anything
 else unless your ISP is already blocking that port.
 
 --
 Brian - [EMAIL PROTECTED]


Yes I'm seeing 1433 turn up a lot along with some suspicious ports :(

Don't know what to do about it. I reconfigured Bastille into a more
paranoid mode, and since I've done that 20 mins ago, it seems to be
holding up much more like the BrickWall it's supposed to be.

Crossing my fingers this continues.  I will run linux for a day or so &
see if this Firewall I just did in Linux will work as well as I hope it
shall.  Ty for your info.

What is 1433 anyway?  Sorry but I'm totally clueless :(

Femme






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread Femme

On Fri, 24 May 2002 17:53:02 -0800
civileme [EMAIL PROTECTED] wrote:

 FemmeFatale wrote:
 
 Pierre Fortin wrote:
 
 On Thu, 23 May 2002 23:15:52 -0800 civileme [EMAIL PROTECTED]
 wrote:
 
 Load up the honeyport for Nimda and the shutdown script for codered
 and see what happens
 
 Civileme,
 
 Where can I find the tools you're referring to...?  I have my own
 (http://pfortin.com/Linux/HoneyPort -- needs updating ) and am
 interested in anyone else's defense mechanisms...
 
 As to reflecting/responding to an attack, here's my position:
 http://pfortin.com/Linux/MSVTS/ -- in a nutshell:  SELF-DEFENSE! 
 :^)
 
 Thanks,
 Pierre
 
 
 BTW, fwiw I found most of these kids are trying to get to my NETBios
 * I do share a HDD with my g/f* and ssh/unix ports.  Makes me wonder
 if it isn't someone on one of the lists..cause this started not long
 after I posted the info on the ftp. :\
 
 *hopes I'm wrong...sigh*
 
 
 
 
 
 
 Hmmm, I seem to recall Microsoft had an anti-spoofing feature for
 ISPs using NT that hit port 139 and shut you down if the response
 wasn't what the program thought it should be (shut down linux
 workstations all over the parts of Alaska served by a cable modem
 company for a while, at intervals of 4 hours, and then a reboot into
 windows was necessary to get the link activated), but this sounds
 like lots more queries aimed at 139.
 
 Civileme
 

*nods* Got those ports being attacked too, as well as looking for SSH
ports & some other obscure ports Unix/linux uses.  I don't know why
though... what's 139? Sorry I'm sorta half-aware/educated on security
(hangs my head sheepishly).

Help?  

Femme
 
 
 
 






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread Brian


On Fri, 24 May 2002 20:04:45 -0600
Femme [EMAIL PROTECTED] wrote:

 On Fri, 24 May 2002 18:51:02 -0700
 Brian [EMAIL PROTECTED] wrote:
 
  
  On Fri, 24 May 2002 18:48:41 -0600
  Femme [EMAIL PROTECTED] wrote:
  
   On Fri, 24 May 2002 19:19:47 -0500
   J. Craig Woods [EMAIL PROTECTED] wrote:
   

Femme, you need to talk to us. Am I the only one that feels your
postings are somewhat cryptic? Are you being hit with a ddos type
of attack? Why, if I might ask, are you running an ftp service
using windows? Anyone here could refer you to many sites that
would advise you against such an activity. Are you saying that you
run your netbios on the internet, and what is a g/f*? Maybe it
is just me that is out to lunch but if you want some help, you
will need to be a bit more forthcoming

drjung

   
   Sorry, I forget my shorthand isn't used by all.
   
   I'm running a small ftp for people on windows because that's all I
   knew, until recently finding Linux.  Linux is perfectly capable of
   doing this but I don't know how to use an ftp server in it.  So, I
   use windows for now.  It's a small ftp server using Serv-U as the
   server itself.
   
   As for Netbios, what's happening is my logs say someone is trying to
   get through to it.  Don't know why.  I thought it was because I
   share a hard drive with my girlfriend at home on a 3 computer LAN.
   I'm behind a firewall called zone alarm, and it logs any connect
   attempts rather thoroughly.  I also have a log analyzing program
   that tells me what the logs mean, whose IP it was that tried to
   connect, type of connection logged, etc.
   
   What I want is simply to run a small ftp server for ppl on these
   lists & for close friends to connect to for documents & music.
   Windows until the last 3 or 4 days, has done a fine job of it.
   However in the last few days I've been getting knocked off line for
   whatever reason, and I suspect it's because of this ftp that's up &
   running.  It's the only plausible explanation I have other than my
   ISP is screwing up.
   
   I did call the ISP to see if there were any problems & the automated
   service they use told me there seem to be none in my area.
   
   Today I booted into linux, set up the Bastille firewall & made it
   pretty secure against outside interference.  I'm hoping that if it
   is a hacker/cracker trying to gain entry, bastille will log the
   attempts more thoroughly so I may find out what to do.  If it's just
   my isp I'm hoping that will be logged as well somehow.  I also hope
   if it is a cracker trying to get in, Bastille will do a better job
   of stopping them & I won't get knocked offline as was happening in
   Windows.
   
   Sorry if I haven't been very clear, been on painkillers for two
   days. Today is the first day I've got a clearer mind & I hope this
   explanation suffices for you Dr.Jung *s*.
   
   Thx for your help, if you can offer any on how to set up a small ftp
   (or something) to do what I need it to do.
   
   Femme
   
  
  You might want to try ProFTP for your ftp server on linux.
  
  It's pretty normal for you to see connection attempts blocked by zone
  alarm - you are using visual zone to show the logs?  Right now you
  might be seeing more attempts to connect to port 1433 than anything
  else unless your ISP is already blocking that port.
  
  --
  Brian - [EMAIL PROTECTED]
 
 
 Yes I'm seeing 1433 turn up a lot along with some suspicious ports :(
 
 Don't know what to do about it. I reconfigured Bastille into a more
 paranoid mode, and since I've done that 20 mins ago, it seems to be
 holding up much more like the BrickWall it's supposed to be.
 
 Crossing my fingers this continues.  I will run linux for a day or so &
 see if this Firewall I just did in Linux will work as well as I hope it
 shall.  Ty for your info.
 
 What is 1433 anyway?  Sorry but I'm totally clueless :(
 
 Femme
 

1433 is the Microsoft SQL server port - lots of attacks going around trying to
gain access to sites which didn't set an administrator password.

--
Brian - [EMAIL PROTECTED]
My Home Page: http://www.brimac.com/~brianmac
Fine Photos: http://www.brimacphotography.com
Art for Sale: http://www.artbrowser.com
Classified Advertising: http://www.sellit2000.com


The trouble with doing something right the first time is that 
no one appreciates how difficult it was.







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread James

On Fri, 24 May 2002 20:06:23 -0600
Femme [EMAIL PROTECTED] wrote:

 On Fri, 24 May 2002 17:53:02 -0800
 civileme [EMAIL PROTECTED] wrote:
 
  FemmeFatale wrote:
  
  Pierre Fortin wrote:
  
  On Thu, 23 May 2002 23:15:52 -0800 civileme
  [EMAIL PROTECTED] wrote:
  
  Load up the honeyport for Nimda and the shutdown script for
  codered and see what happens
  
  Civileme,
  
  Where can I find the tools you're referring to...?  I have my own
  (http://pfortin.com/Linux/HoneyPort -- needs updating ) and am
  interested in anyone else's defense mechanisms...
  
  As to reflecting/responding to an attack, here's my position:
  http://pfortin.com/Linux/MSVTS/ -- in a nutshell:  SELF-DEFENSE! 
  :^)
  
  Thanks,
  Pierre
  
  
  BTW, fwiw I found most of these kids are trying to get to my
  NETBios * I do share a HDD with my g/f* and ssh/unix ports.  Makes
  me wonder if it isn't someone on one of the lists..cause this
  started not long after I posted the info on the ftp. :\
  
  *hopes I'm wrong...sigh*
  
  
  
  Hmmm, I seem to recall Microsoft had an anti-spoofing feature for
  ISPs using NT that hit port 139 and shut you down if the response
  wasn't what the program thought it should be (shut down linux
  workstations all over the parts of Alaska served by a cable modem
  company for a while, at intervals of 4 hours, and then a reboot into
  windows was necessary to get the link activated), but this sounds
  like lots more queries aimed at 139.
  
  Civileme
  
 
 *nods* Got those ports being attacked too, as well as looking for SSH
 ports & some other obscure ports Unix/linux uses.  I don't know why
 though... what's 139? Sorry I'm sorta half-aware/educated on
 security (hangs my head sheepishly).
 

NetBios-ssn  do what I do cat /etc/services | grep xxx .. fast
way to find out what's what... *grin*

James

 Help?  
 
 Femme
  
  
  
  
 
 






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread James

If anyone is interested I've got a script I put together when CodeRed was
hammering away.  It sets up iptables or ipchains rules that block the
offending site.

James


On Fri, 24 May 2002 17:55:45 -0800
civileme [EMAIL PROTECTED] wrote:

 Pierre Fortin wrote:
 
 On Thu, 23 May 2002 23:15:52 -0800 civileme [EMAIL PROTECTED]
 wrote:
 
 Load up the honeyport for Nimda and the shutdown script for codered
 and see what happens
 
 
 Civileme,
 
 Where can I find the tools you're referring to...?  I have my own
 (http://pfortin.com/Linux/HoneyPort -- needs updating ) and am
 interested in anyone else's defense mechanisms...
 
 As to reflecting/responding to an attack, here's my position: 
 http://pfortin.com/Linux/MSVTS/ -- in a nutshell:  SELF-DEFENSE!  :^)
 
 Thanks,
 Pierre
 
 
 
 
 
 
 
 
 Thanks for the link--I have it bookmarked now.  Unfortunately I hit
 the Send button before I dredged it up, quite by accident.  I like
 the spirit of yours, kinda like my old spammers mailbox crush routine
 before they got smart and didn't try to use the same mailbox twice.
 
 Civileme
 
 
 
 
 






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread Pierre Fortin

On Fri, 24 May 2002 20:50:52 -0700 James [EMAIL PROTECTED] wrote:

 If anyone is interested I've got a script I put together when CodeRed was
 hammering away.  It sets up iptables or ipchains rules that block the
 offending site.

Where's the *fun* in that...?  I prefer 'self-defense' tactics...  :-}

If someone attacks you with a gun, it's legal to disarm them...
Try to disarm their machine if they use that...

Pierre

 
 James
 
 
 On Fri, 24 May 2002 17:55:45 -0800
 civileme [EMAIL PROTECTED] wrote:
 
  Pierre Fortin wrote:
  
  On Thu, 23 May 2002 23:15:52 -0800 civileme [EMAIL PROTECTED]
  wrote:
  
  Load up the honeyport for Nimda and the shutdown script for codered
  and see what happens
  
  
  Civileme,
  
  Where can I find the tools you're referring to...?  I have my own
  (http://pfortin.com/Linux/HoneyPort -- needs updating ) and am
  interested in anyone else's defense mechanisms...
  
  As to reflecting/responding to an attack, here's my position: 
  http://pfortin.com/Linux/MSVTS/ -- in a nutshell:  SELF-DEFENSE!  :^)
  
  Thanks,
  Pierre
  
  
  
  
  
  
  
  
  Thanks for the link--I have it bookmarked now.  Unfortunately I hit
  the Send button before I dredged it up, quite by accident.  I like
  the spirit of yours, kinda like my old spammers mailbox crush routine
  before they got smart and didn't try to use the same mailbox twice.
  
  Civileme
  
  
  
  
  
 
 






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread danrembolt

Got a script to attack the attacker?   I've been looking for one.   

 On Fri, 24 May 2002 20:50:52 -0700 James [EMAIL PROTECTED] wrote:
 
  If anyone is interested I've got a script I put together when CodeRed was
  hammering away.  It sets up iptables or ipchains rules that block the
  offending site.
 
 Where's the *fun* in that...?  I prefer 'self-defense' tactics...  :-}
 
 If someone attacks you with a gun, it's legal to disarm them...
 Try to disarm their machine if they use that...
 
 Pierre
 
  
  James
  
  
  On Fri, 24 May 2002 17:55:45 -0800
  civileme [EMAIL PROTECTED] wrote:
  
   Pierre Fortin wrote:
   
   On Thu, 23 May 2002 23:15:52 -0800 civileme [EMAIL PROTECTED]
   wrote:
   
   Load up the honeyport for Nimda and the shutdown script for codered
   and see what happens
   
   
   Civileme,
   
   Where can I find the tools you're referring to...?  I have my own
   (http://pfortin.com/Linux/HoneyPort -- needs updating ) and am
   interested in anyone else's defense mechanisms...
   
   As to reflecting/responding to an attack, here's my position: 
   http://pfortin.com/Linux/MSVTS/ -- in a nutshell:  SELF-DEFENSE!  :^)
   
   Thanks,
   Pierre
   
   
   
   
   
   
   
   
   Thanks for the link--I have it bookmarked now.  Unfortunately I hit
   the Send button before I dredged it up, quite by accident.  I like
   the spirit of yours, kinda like my old spammers mailbox crush routine
   before they got smart and didn't try to use the same mailbox twice.
   
   Civileme
   
   
   
   
   
  
  
 
 



-- Windows has problems.   Novell has solutions.







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread Femme

On Fri, 24 May 2002 20:49:21 -0700

  *nods* Got those ports being attacked too, as well as looking for
  SSH ports & some other obscure ports Unix/linux uses.  I don't know
  why though... what's 139? Sorry I'm sorta half-aware/educated on
  security (hangs my head sheepishly).
  
 
 NetBios-ssn  do what I do cat /etc/services | grep xxx .. fast
 way to find out what's what... *grin*
 
 James
 
  Help?  
  
  Femme


Dunno if you were serious but... did that... Big list of stuff!

wow... wish I knew what I'm looking for... and btw, linux has been up
for about 4 hours now, with only 1 when the Net went down.  Restarted
the daemon, works fine.  After I made Bastille sit up & be a paranoid
little SOB, it seems I'm fending off nicely whoever is attacking me.  Or
they gave up. :)

Where do I look to see what kind of stuff Bastille logs?  I use
Portsentry too but don't know how it works or exactly how to
communicate/query it so I can see what it's doing too.

any clues? hints? knowledgeable donations :)

Femme

(next I need to figure how to implement what Civileme suggested with
Apache...yeck. doesn't sound fun).
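
Added example, not part of the original thread and not anyone's script from the list: an exact-match version of the /etc/services lookup James suggests, extended to count and name the destination ports found in firewall log lines. It assumes netfilter LOG-style lines carrying PROTO= and DPT= fields; the function names, the services excerpt and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: name the destination ports seen in firewall log lines.
# The services excerpt and the log lines are constructed for illustration.

# Constructed excerpt in /etc/services format: name, port/proto, comment.
sample_services() {
cat <<'EOF'
# service-name  port/proto
ftp             21/tcp
ssh             22/tcp          # SSH Remote Login Protocol
netbios-ssn     139/tcp         # NETBIOS session service
ms-sql-s        1433/tcp        # Microsoft SQL Server
EOF
}

# Constructed netfilter LOG-style lines (documentation addresses only).
sample_fw_log() {
cat <<'EOF'
May 24 20:01:11 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.20 PROTO=TCP SPT=3324 DPT=139 SYN
May 24 20:01:14 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.20 PROTO=TCP SPT=3324 DPT=139 SYN
May 24 20:02:40 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=4101 DPT=1433 SYN
May 24 20:03:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.20 PROTO=TCP SPT=1050 DPT=22 SYN
May 24 20:03:30 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=4102 DPT=1433 SYN
May 24 20:04:05 gw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.20 PROTO=TCP SPT=2200 DPT=1139 SYN
May 24 20:04:59 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.20 PROTO=TCP SPT=3325 DPT=139 SYN
May 24 20:05:10 gw kernel: IN=eth0 OUT= SRC=192.0.2.80 DST=203.0.113.20 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Exact lookup of one port. Comparing the whole "port/proto" field avoids the
# substring hits a bare grep for 139 produces (1139, 1390, 13900, ...).
# usage: port_name PORT PROTO [SERVICES_FILE]
port_name() {
    awk -v want="$1/$2" '
        $1 ~ /^#/ { next }
        $2 == want { print $1; found = 1; exit }
        END { if (!found) print "unknown" }
    ' "${3:-/etc/services}"
}

# Count log lines per destination port and name each one, busiest first.
# usage: summarize_probes SERVICES_FILE < firewall.log
summarize_probes() {
    awk '
        # First file: the services table, keyed by "port/proto".
        FNR == NR {
            if ($1 !~ /^#/ && NF >= 2 && !($2 in name)) name[$2] = $1
            next
        }
        # Standard input: pull PROTO= and DPT= out of each log line.
        {
            proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Lines without a destination port (ICMP, for one) are skipped.
            if (proto == "" || dpt == "") next
            count[dpt "/" proto]++
        }
        END {
            for (k in count)
                printf "%d %s %s\n", count[k], k, ((k in name) ? name[k] : "unknown")
        }
    ' "$1" - | LC_ALL=C sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed data.
svc_file=$(mktemp)
sample_services > "$svc_file"
sample_fw_log | summarize_probes "$svc_file"
rm -f "$svc_file"
```

On a real system, pass /etc/services as the table and feed the function whatever file the firewall's log lines end up in.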






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread nDiScReEt

On Friday 24 May 2002 10:50 pm, you wrote:
 If anyone is interested I've got a script I put together when CodeRed was
 hammering away.  It sets up iptables or ipchains rules that block the
 offending site.

 James

I'm interested.


 On Fri, 24 May 2002 17:55:45 -0800

 civileme [EMAIL PROTECTED] wrote:
  Pierre Fortin wrote:
  On Thu, 23 May 2002 23:15:52 -0800 civileme [EMAIL PROTECTED]
  
  wrote:
  Load up the honeyport for Nimda and the shutdown script for codered
  and see what happens
  
  Civileme,
  
  Where can I find the tools you're referring to...?  I have my own
  (http://pfortin.com/Linux/HoneyPort -- needs updating ) and am
  interested in anyone else's defense mechanisms...
  
  As to reflecting/responding to an attack, here's my position:
  http://pfortin.com/Linux/MSVTS/ -- in a nutshell:  SELF-DEFENSE!  :^)
  
  Thanks,
  Pierre
  
  
  
  
  
  
  
 
  Thanks for the link--I have it bookmarked now.  Unfortunately I hit
  the Send button before I dredged it up, quite by accident.  I like
  the spirit of yours, kinda like my old spammers mailbox crush routine
  before they got smart and didn't try to use the same mailbox twice.
 
  Civileme

-- 

Altoine B
Maximum Time Unlimited
Chicago Based and Operated

Age, n.:
That period of life in which we compound for the vices that we
still cherish by reviling those that we no longer have the enterprise
to commit.
-- Ambrose Bierce
---
2.4.18-6mdk
Mandrake Linux release 8.2 (Bluebird) for i586
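
The kind of blocking script James describes in the quoted message above, as an added example that is not James's script and not part of the original thread: it scans Apache access-log lines for the request paths that Code Red (/default.ida?) and Nimda (root.exe, cmd.exe) probes use, and prints one iptables DROP rule per offending source. The log lines, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not James's script): turn worm probes found in an Apache
# access log into iptables block rules. Rules are printed, not applied.

# Hypothetical allowlist: sources that must never be blocked.
ALLOWLIST="127.0.0.1 192.168.0.1"

# Constructed access-log lines in Common Log Format (documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [24/May/2002:20:01:11 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
198.51.100.7 - - [24/May/2002:20:02:40 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
198.51.100.7 - - [24/May/2002:20:02:41 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
203.0.113.5 - - [24/May/2002:20:03:02 -0700] "GET /index.html HTTP/1.1" 200 1456
192.0.2.10 - - [24/May/2002:20:05:19 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX%u9090 HTTP/1.0" 404 276
192.168.0.1 - - [24/May/2002:20:05:40 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
host.example.net - - [24/May/2002:20:06:00 -0700] "GET /default.ida?NNNN HTTP/1.0" 404 276
300.1.2.3 - - [24/May/2002:20:06:30 -0700] "GET /default.ida?NNNN HTTP/1.0" 404 276
EOF
}

# Print each distinct source address whose request matches a worm probe.
worm_sources() {
    awk -v allow="$ALLOWLIST" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) skip[a[i]] = 1
        }
        # $7 is the request path in Common Log Format.
        $7 ~ /^\/default\.ida\?/ || $7 ~ /\/(root|cmd)\.exe/ {
            ip = $1
            # Accept only a dotted quad with octets 0-255, so nothing else
            # from the log can end up inside a firewall command.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            if (o[1] + 0 > 255 || o[2] + 0 > 255 || o[3] + 0 > 255 || o[4] + 0 > 255) next
            if ((ip in skip) || (ip in seen)) next
            seen[ip] = 1
            print ip
        }'
}

# Turn a list of addresses into iptables rules for review.
block_rules() {
    while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Stand-alone run over the constructed log.
sample_log | worm_sources | block_rules
```

The hostname and the out-of-range address are dropped rather than blocked, and the allowlisted LAN address is left alone even though its request matches.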







Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread James

On Fri, 24 May 2002 23:22:29 -0600
Femme [EMAIL PROTECTED] wrote:

 On Fri, 24 May 2002 20:49:21 -0700
 
   *nods* Got those ports being attacked too, as well as looking for
   SSH ports & some other obscure ports Unix/linux uses.  I don't
   know why though... what's 139? Sorry I'm sorta
   half-aware/educated on security (hangs my head sheepishly).
   
  
  NetBios-ssn  do what I do cat /etc/services | grep xxx ..
  fast way to find out what's what... *grin*
  
  James
  
   Help?  
   
   Femme
 
 
 Dunno if you were serious but... did that... Big list of stuff!
 
 wow... wish I knew what I'm looking for... and btw, linux has been up
 for about 4 hours now, with only 1 when the Net went down.  Restarted
 the daemon, works fine.  After I made Bastille sit up & be a paranoid
 little SOB, it seems I'm fending off nicely whoever is attacking me.
 Or they gave up. :)
 
 Where do I look to see what kind of stuff Bastille logs?  I use
 Portsentry too but don't know how it works or exactly how to
 communicate/query it so I can see what it's doing too.
 
 any clues? hints? knowledgeable donations :)
 
 Femme
 
 (next I need to figure how to implement what Civileme suggested with
 Apache...yeck. doesn't sound fun).

Actually pretty easy.  cd to /var/www/html, move any index.xxx files to
index.xxx.old, then put the files you want to share in this directory.
Voila, when people go to http://your.ip.number they get a list of files
and can then http them down (the old right click save as routine).  Quick
and dirty.  The default action in apache et al. is that when the index
files aren't there just give a list of what is.

James

 
 






Re: honeyport/shutdown [was: Re: [expert] OT, my ftp site]

2002-05-24 Thread James

On Fri, 24 May 2002 21:43:37 -0700
[EMAIL PROTECTED] wrote:

 Got a script to attack the attacker?   I've been looking for one.  

Nah I'm being a good little boy.  Actually once my box is covered I
don't care.  Someone did write something that when his/her box was
attacked by codered it used the codered backdoor and patched the server.
Wish I knew where this was.

James
 
 
  On Fri, 24 May 2002 20:50:52 -0700 James [EMAIL PROTECTED]
  wrote:
  
   If anyone is interested I've got a script I put together when
   CodeRed was hammering away.  It sets up iptables or ipchains
   rules that block the offending site.
  
  Where's the *fun* in that...?  I prefer 'self-defense' tactics... 
  :-}
  
  If someone attacks you with a gun, it's legal to disarm them...
  Try to disarm their machine if they use that...
  
  Pierre
  
   
   James
   
   
   On Fri, 24 May 2002 17:55:45 -0800
   civileme [EMAIL PROTECTED] wrote:
   
Pierre Fortin wrote:

On Thu, 23 May 2002 23:15:52 -0800 civileme
[EMAIL PROTECTED] wrote:

Load up the honeyport for Nimda and the shutdown script for
codered and see what happens


Civileme,

Where can I find the tools you're referring to...?  I have my
own (http://pfortin.com/Linux/HoneyPort -- needs updating ) and
am interested in anyone else's defense mechanisms...

As to reflecting/responding to an attack, here's my position: 
http://pfortin.com/Linux/MSVTS/ -- in a nutshell: 
SELF-DEFENSE!  :^)

Thanks,
Pierre





Thanks for the link--I have it bookmarked now.  Unfortunately I
hit the Send button before I dredged it up, quite by accident.
 I like the spirit of yours, kinda like my old spammers mailbox
 crush routine before they got smart and didn't try to use the
 same mailbox twice.

Civileme





   
   
  
  
 
 
 
 -- Windows has problems.   Novell has solutions.
 
 
 


