Re: Mail relay attempts

2002-09-04 Thread Anthony DeRobertis
On Thursday, Aug 29, 2002, at 09:34 US/Eastern, Nathan E Norman wrote: This is why all ISPs should apply filters at their ingress/egress points. Unfortunately, many do not. While I don't want to start a flame war here, as all discussions of this topic seem to become, I'd just like to point

Re: Mail relay attempts

2002-09-01 Thread David U.
Adam Majer wrote: I know. It is crazy. I actually would like to see some sort of a better defence than just standing there uselessly. I mean, in real life if a country (community etc..) gets attacked by another, there is usually a war and someone is taught a lesson. But here, all we do is

Re: Mail relay attempts

2002-09-01 Thread Adam Majer
Simple. Random IP-address block scans. Having the box live on the 'net alone guarantees that it will get some random hits. Prepare to see a lot more of them from here-on. Script-kiddies, trying to find suitable hosts for their mass exploitation tools. Worms, eagerly propagating on their

Re: Mail relay attempts

2002-08-29 Thread Michael Renzmann
Hi Peter. Peter Cordes wrote: [tarpit for attacking worms] I remember hearing about people doing exactly that. Maybe it was mentioned on /. or the local LUG mailing list (http://nslug.ns.ca/). Sounds interesting. The LUG website is unreachable at the moment, but I will dig the slashdot

Re: Mail relay attempts

2002-08-29 Thread Rolf Kutz
* Quoting Jones, Steven ([EMAIL PROTECTED]): I've found port sentry really good for detecting port scans and then routeing the return packets to nowhere. That makes you open to DoS-Attacks. Someone could scan you with spoofed source-IP and disconnect your box. A tarpit is a much better approach

RE: Mail relay attempts

2002-08-29 Thread Daniel J. Rychlik
. -----Original Message----- From: Rolf Kutz [mailto:[EMAIL PROTECTED] Sent: Thursday, August 29, 2002 5:18 AM To: [EMAIL PROTECTED] Debian. Org Subject: Re: Mail relay attempts * Quoting Jones, Steven ([EMAIL PROTECTED]): I've found port sentry really good for detecting port scans

Re: Mail relay attempts

2002-08-29 Thread Dale Amon
On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote: If you use Iptables and you block spoofed addresses with Iptables, will that stop the spoofing in their tracks, therefore decreasing the chance of a DOS? Not necessarily. You can stop blind spoofing attacks where ip's

Re: Mail relay attempts

2002-08-29 Thread Nathan E Norman
On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote: If you use Iptables and you block spoofed addresses with Iptables, will that stop the spoofing in their tracks, therefore decreasing the chance of a DOS? No. For example, let's say someone manages to spoof mailout.aol.com

Re: Mail relay attempts

2002-08-29 Thread Dale Amon
On Wed, Aug 28, 2002 at 11:49:36AM +0200, Michael Renzmann wrote: I'll add another one to that: I started using syslogd-sql, which is a modified version of the syslog 1.4.1 that also allows logging to a MySQL database. I hope it is a step in the right direction to use advanced SQL queries

Re: Mail relay attempts

2002-08-29 Thread Jose Luis Domingo Lopez
On Thursday, 29 August 2002, at 16:57:09 +0100, Dale Amon wrote: I'll add another one to that: I started using syslogd-sql, which is a modified version of the syslog 1.4.1 that also allows logging to a MySQL database. I hope it is a step in the right direction to use advanced SQL

Re: Mail relay attempts

2002-08-28 Thread Michael Renzmann
Hi Dale. Dale Amon wrote: The only thing you can do is to make damn certain your box does not become part of the problem. I'll add to that: make sure you actually check your logs. I use syslog-ng to bring all essential realtime logging to a hardened server; I'll add another one to that: I

Re: Mail relay attempts

2002-08-28 Thread Michael Renzmann
Hi. Jones, Steven wrote: I've found port sentry really good for detecting port scans and then routeing the return packets to nowhere. As an addition to that idea: would it be possible to cause similar effects to HTTP-server worms with a modified tarpit? Maybe a modified version of the

Re: Mail relay attempts

2002-08-28 Thread Peter Cordes
On Wed, Aug 28, 2002 at 11:56:24AM +0200, Michael Renzmann wrote: Hi. Jones, Steven wrote: I've found port sentry really good for detecting port scans and then routeing the return packets to nowhere. As an addition to that idea: would it be possible to cause similar effects to

Mail relay attempts

2002-08-27 Thread Daniel J. Rychlik
This is great, just great. I run a mail server on dsl service provided by mabell. I wrote a perl script that mails me some reports on activities on my server every day. I wake up this morning and I have an alarm. Obviously, none of these were

Re: Mail relay attempts

2002-08-27 Thread Karl Breitner
Daniel J. Rychlik wrote: This is great, just great. I run a mail server on dsl service provided by mabell. I wrote a perl script that mails me some reports on activities on my server every day. I wake up this morning and I have an alarm. Obviously, none of these were relayed from my server

Re: Mail relay attempts

2002-08-27 Thread Michael Renzmann
Hi Karl. Karl Breitner wrote: What can I say Daniel, except welcome to the harsh reality of a postmaster. Hmm, as I'm to become a postmaster in a few days, too, I would like to learn a bit more about that. Most probably this list is not intended for chat like this, so I would be happy to

Re: Mail relay attempts

2002-08-27 Thread Mika Boström
Karl Breitner wrote: Welcome to the world of SPAMfighting Our new server has an official IP since last Saturday, and no domain name pointing to it yet besides a dyndns-account I abused for testing purpose. Within these three days of operation I had several persons trying to get access to

Re: Mail relay attempts

2002-08-27 Thread Dale Amon
On Tue, Aug 27, 2002 at 04:11:21PM +0300, Mika Boström wrote: Karl Breitner wrote: Welcome to the world of SPAMfighting Our new server has an official IP since last Saturday, and no domain name pointing to it yet besides a dyndns-account I abused for testing purpose. Within these three

Re: Mail relay attempts

2002-08-27 Thread Craig Sanders
On Tue, Aug 27, 2002 at 06:12:51AM -0500, Daniel J. Rychlik wrote: This is great, just great. I run a mail server on dsl service provided by mabell. I wrote a perl script that mails me some reports on activities on my server every day. I wake up this morning and I have an alarm. Obviously,

Re: Mail relay attempts

2002-08-27 Thread Phillip Hofmeister
On Tue, 27 Aug 2002 at 11:32:53PM +1000, Craig Sanders wrote: PS: actually, the only other thing you could do is set firewall rules blocking inbound tcp port 25. if your mail server is the primary MX for your domain then you would also need a secondary MX and open the firewall for just that

Re: Mail relay attempts

2002-08-27 Thread Bernhard R. Link
* Craig Sanders [EMAIL PROTECTED] [020827 17:07]: On Tue, Aug 27, 2002 at 06:12:51AM -0500, Daniel J. Rychlik wrote: PS: actually, the only other thing you could do is set firewall rules blocking inbound tcp port 25. if your mail server is the primary MX for your domain then you would also

Re: Mail relay attempts

2002-08-27 Thread Rolf Kutz
* Quoting Craig Sanders ([EMAIL PROTECTED]): PS: actually, the only other thing you could do is set firewall rules blocking inbound tcp port 25. if your mail server is the primary MX for your domain then you would also need a secondary MX and open the firewall for just that machine.

RE: Mail relay attempts

2002-08-27 Thread Jones, Steven
I've found port sentry really good for detecting port scans and then routeing the return packets to nowhere. :) Thing -----Original Message----- From: Rolf Kutz [mailto:[EMAIL PROTECTED] Sent: Wednesday, 28 August 2002 4:10 To: [EMAIL PROTECTED] Debian. Org Subject: Re: Mail relay attempts