Re: RRe: How to report Internet Abuse

2010-07-28 Thread Technomage

On 7/28/10 11:12 AM, Ed wrote:
> On Tue, Jul 27, 2010 at 12:51 PM, Michael Havens wrote:
>> that was really a good post!
>
> If this is real abuse, you can always complain to the admin of the IP
> superblock - IANA -> ARIN -> GlobalTelecomHolding ->
> SmallerGlobalTelecom -> .   find out who manages the block of IP
> from which you are getting attacked - it's their client, maybe they
> can control 'em. I don't know if this works anymore - without legal
> papers.  ymmv

too bad the old internet cabal isn't around anymore (remember? There is 
No Cabal). it would be nice to have that again.



---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


Re: RRe: How to report Internet Abuse

2010-07-28 Thread Ed
On Tue, Jul 27, 2010 at 12:51 PM, Michael Havens  wrote:
> that was really a good post!
>

If this is real abuse, you can always complain to the admin of the IP
superblock - IANA -> ARIN -> GlobalTelecomHolding ->
SmallerGlobalTelecom -> .   find out who manages the block of IP
from which you are getting attacked - it's their client, maybe they
can control 'em. I don't know if this works anymore - without legal
papers.  ymmv

> On Tue, Jul 27, 2010 at 12:45 PM, gm5729  wrote:
>>
>> You can't stop a server from hitting you. It's impossible.
>>
>> You can stop it from getting into your network.
>>
>> Three quickies are a proper IPTables
>> A new invention called hosts.allow/hosts.deny. You can block whole
>> countries this way. I have about a dozen that I do.

so which parts of the planet do you block? or do you subscribe to a
RBL?  http://en.wikipedia.org/wiki/DNSBL

>> Making sure your first line of defense -- the router is configured
>> properly. Mine basically has a hosts.allow/hosts.deny function on it
>> so I use it.

it is a good idea to put yourself in hosts.allow before adding
anything to hosts.deny.

>>
>> If it is a specific port you use for whatever: port knocking, adjust
>> the port above 2000 so that perchance someone gets in they only have
>> user level perms. If it is port 22. Make sure your ssh/sshd files are
>> properly configured. You can nail down to a specific IP and/or
>> user/group that is supposed to use SSH.
>>
>> Use PAM.
>>
>> Make sure your /etc/sysctl.conf file is properly configured.
>>
>> Make sure your kernel is stack hardened. I like Zen, but others like
>> others. If you need super security there is always IPSec, GRsec sp?
>> and even SELinux.
>>
>> Ensure sane compliance to passphrases.
>>
>> You can use sshguard, fail2ban or the like to slow down robots. They
>> like to hit hard and fast. If you slow them down to 15 mins of having
>> to wait to try 3 more times. They get bored and move on.
>>
>> Don't know what kind of distro you use. Change your shadow file to
>> blowfish, which might require a kernel recompile as most don't go that
>> far OR use the highest level of passphrase encryption possible which
>> is SHA512. Most distros only use MD5. I'm going to include SSH
>> in here. DUMP ALL encryption below 256 bits. SSL3 and TLS are the most
>> secure. DES by itself is not, but DES3 is... basically be smart.
>>
>> Permissions, permissions, permissions. Don't use world readable files
>> if not necessary.
>>
>> Make sure you have a robots.txt file in your Apache Setup.
>>
>> Anyway,
>>
>> vp
>
>
>
> --
> :-)~MIKE~(-:
>
>
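
An added example, not part of Ed's message: one way to work out who manages the block an offending address sits in, and which abuse mailbox to write to, from whois text. It assumes input laid out like ARIN whois output (`# start`/`# end` sections with `CIDR`, `OrgName` and `OrgAbuseEmail` fields); the sample data, organisations and mail addresses are constructed.

```python
import ipaddress

# Constructed sample styled after ARIN whois output (not a real lookup).
# Addresses are from a documentation range; orgs and mailboxes are made up.
SAMPLE_WHOIS = """\
# start
CIDR:           203.0.113.0/24
OrgName:        GlobalTelecomHolding
OrgAbuseEmail:  abuse@globaltelecom.example
# end
# start
CIDR:           203.0.113.64/26
OrgName:        SmallerGlobalTelecom
OrgAbuseEmail:  abuse@smallertelecom.example
# end
# start
CIDR:           203.0.113.64/29
OrgName:        Customer-Of-Smaller
# end
"""

def parse_blocks(text):
    """One dict of 'Key: value' fields per '# start' ... '# end' section."""
    blocks = []
    for section in text.split("# start")[1:]:
        fields = {}
        for line in section.split("# end")[0].splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                fields.setdefault(key.strip(), value.strip())
        blocks.append(fields)
    return blocks

def delegation_chain(text, offender_ip):
    """[(cidr, org, abuse_email)] for blocks containing the IP, broadest first."""
    ip = ipaddress.ip_address(offender_ip)
    chain = []
    for block in parse_blocks(text):
        for cidr in filter(None, map(str.strip, block.get("CIDR", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if ip in net:
                chain.append((net.prefixlen, str(net), block.get("OrgName"),
                              block.get("OrgAbuseEmail")))
    return [entry[1:] for entry in sorted(chain, key=lambda e: e[0])]

def abuse_contact(text, offender_ip):
    """Abuse mailbox of the most specific block that publishes one, else None."""
    mails = [mail for _, _, mail in delegation_chain(text, offender_ip) if mail]
    return mails[-1] if mails else None
```

When the smallest block publishes no abuse mailbox, `abuse_contact` falls back to the next block up the chain, which is the provider whose client the address belongs to.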

Re: RRe: How to report Internet Abuse

2010-07-27 Thread Michael Havens
that was really a good post!

On Tue, Jul 27, 2010 at 12:45 PM, gm5729  wrote:

> You can't stop a server from hitting you. It's impossible.
>
> You can stop it from getting into your network.
>
> Three quickies are a proper IPTables
> A new invention called hosts.allow/hosts.deny. You can block whole
> countries this way. I have about a dozen that I do.
> Making sure your first line of defense -- the router is configured
> properly. Mine basically has a hosts.allow/hosts.deny function on it
> so I use it.
>
> If it is a specific port you use for whatever: port knocking, adjust
> the port above 2000 so that perchance someone gets in they only have
> user level perms. If it is port 22. Make sure your ssh/sshd files are
> properly configured. You can nail down to a specific IP and/or
> user/group that is supposed to use SSH.
>
> Use PAM.
>
> Make sure your /etc/sysctl.conf file is properly configured.
>
> Make sure your kernel is stack hardened. I like Zen, but others like
> others. If you need super security there is always IPSec, GRsec sp?
> and even SELinux.
>
> Ensure sane compliance to passphrases.
>
> You can use sshguard, fail2ban or the like to slow down robots. They
> like to hit hard and fast. If you slow them down to 15 mins of having
> to wait to try 3 more times. They get bored and move on.
>
> Don't know what kind of distro you use. Change your shadow file to
> blowfish, which might require a kernel recompile as most don't go that
> far OR use the highest level of passphrase encryption possible which
> is SHA512. Most distros only use MD5. I'm going to include SSH
> in here. DUMP ALL encryption below 256 bits. SSL3 and TLS are the most
> secure. DES by itself is not, but DES3 is... basically be smart.
>
> Permissions, permissions, permissions. Don't use world readable files
> if not necessary.
>
> Make sure you have a robots.txt file in your Apache Setup.
>
> Anyway,
>
> vp
>



-- 
:-)~MIKE~(-:

RRe: How to report Internet Abuse

2010-07-27 Thread gm5729
You can't stop a server from hitting you. It's impossible.

You can stop it from getting into your network.

Three quickies are a proper IPTables
A new invention called hosts.allow/hosts.deny. You can block whole
countries this way. I have about a dozen that I do.
Making sure your first line of defense -- the router is configured
properly. Mine basically has a hosts.allow/hosts.deny function on it
so I use it.

If it is a specific port you use for whatever: port knocking, adjust
the port above 2000 so that perchance someone gets in they only have
user level perms. If it is port 22. Make sure your ssh/sshd files are
properly configured. You can nail down to a specific IP and/or
user/group that is supposed to use SSH.

Use PAM.

Make sure your /etc/sysctl.conf file is properly configured.

Make sure your kernel is stack hardened. I like Zen, but others like
others. If you need super security there is always IPSec, GRsec sp?
and even SELinux.

Ensure sane compliance to passphrases.

You can use sshguard, fail2ban or the like to slow down robots. They
like to hit hard and fast. If you slow them down to 15 mins of having
to wait to try 3 more times. They get bored and move on.

Don't know what kind of distro you use. Change your shadow file to
blowfish, which might require a kernel recompile as most don't go that
far OR use the highest level of passphrase encryption possible which
is SHA512. Most distros only use MD5. I'm going to include SSH
in here. DUMP ALL encryption below 256 bits. SSL3 and TLS are the most
secure. DES by itself is not, but DES3 is... basically be smart.

Permissions, permissions, permissions. Don't use world readable files
if not necessary.

Make sure you have a robots.txt file in your Apache Setup.

Anyway,

vp
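
An added example, not part of the original post and not fail2ban's or sshguard's own code: a simplified model of the "3 tries, then wait 15 mins" rule from the message above, run over sshd log lines. The log lines, host name and addresses are constructed, and the 10-minute counting window (`FIND_TIME`) is an assumption.

```python
import re
from datetime import datetime, timedelta

MAX_TRIES = 3                      # "3 more times" from the post
BAN_TIME = timedelta(minutes=15)   # "15 mins" from the post
FIND_TIME = timedelta(minutes=10)  # assumed window for counting failures

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed auth.log lines (documentation addresses, made-up host name).
SAMPLE_LOG = """\
Jul 27 12:00:01 box sshd[811]: Failed password for root from 203.0.113.9 port 4022 ssh2
Jul 27 12:00:03 box sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 4023 ssh2
Jul 27 12:00:04 box sshd[813]: Failed password for mike from 198.51.100.7 port 5100 ssh2
Jul 27 12:00:05 box sshd[814]: Failed password for root from 203.0.113.9 port 4024 ssh2
Jul 27 12:05:00 box sshd[815]: Failed password for root from 203.0.113.9 port 4025 ssh2
Jul 27 12:16:00 box sshd[816]: Failed password for root from 203.0.113.9 port 4026 ssh2
"""

def plan_bans(log_text, year=2010):
    """Return [(ip, ban_start, ban_end)] that the 3-tries/15-minute rule yields."""
    failures, banned_until, bans = {}, {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if banned_until.get(ip, datetime.min) > when:
            continue  # a firewall drop would have blocked this attempt
        recent = [t for t in failures.get(ip, []) if when - t <= FIND_TIME]
        recent.append(when)
        failures[ip] = recent
        if len(recent) >= MAX_TRIES:
            banned_until[ip] = when + BAN_TIME
            bans.append((ip, when, when + BAN_TIME))
            failures[ip] = []
    return bans
```

On the sample, the third failure from 203.0.113.9 starts a ban, the attempt at 12:05:00 falls inside it, and the attempt at 12:16:00 starts a fresh count because the ban has expired.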