I removed p9100 from syslinux.cfg I still get:
Right at the end
snip
Starting additional networking services:
dnscache queries allowed from 192.168
dnscache queries allowed from 127.0.0.1
Starting dnscache without daemontools ...
Starting LaBrea Tarpitpcap_lookupnet(eth0): SIOCGIFADDR: eth0: Canno
C. Dummy wrote:
Hi I'm running Dachstein 1.02 with pppoe and with printer
server(protocol RAW port 9100).. I have installed LaBrea. I edited both
files in /etc listing my used network adresses. When I boot lrp box I
get message:
P-lookupnet(eth0): SIOCGIFADDR:eth0:cannot assign requested addre
Hi I'm running Dachstein 1.02 with pppoe and with printer
server(protocol RAW port 9100).. I have installed LaBrea. I edited both
files in /etc listing my used network adresses. When I boot lrp box I
get message:
P-lookupnet(eth0): SIOCGIFADDR:eth0:cannot assign requested address
I tried to loo
> LaBrea starts up ok but displays an error message this "Starting
LaBrea: Tarpitifconfig: not found". When I lookup "ps aux", I see a
process number signifying that the program has started. I do have
entries for exclude and excludehard capture files.
> What is wrong?
If you're using my LaBrea pa
LaBrea starts up ok but displays an error message this "Starting LaBrea:
Tarpitifconfig: not found". When I lookup "ps aux", I see a process number signifying
that the program has started. I do have entries for exclude and excludehard capture
files.
What is wrong?
GD
--
This weekend I received a call from the service provider of one of my office
locations, rather shitty call from the (alleged) owner. At any rate, after
getting past his extremely rude behavior we determined the LaBrea was doing
exactly what it was written for, which is to virtually sit on unused
> Must LaBrea run on a seperate machine than the firewall, or am I doing
> something else wrong?
I haven't crawled through the low-level code, and at this point don't know
enough low-level networking to be able to recognize what I'm looking at, but
I think LaBrea needs to run where it is "recievi
I would like to configure LaBrea on my firewall to look for port scans on my
DMZ.
I have replaced eth0 in the init script with eth2 (my DMZ), and inserted the
-s
option (I am using a network switch instead of a hub - not sure if this is
needed since I would think
any traffic would have to hit the
> I recently decided to try out LaBrea - and I'm not sure if it is
working.
> According to it - the filter is receiving packets - but nothing is making
it
> into syslog. I decided to try -v (verbose logging) still to no avail. If
I
> kill the LaBrea process then it logs some info to syslog:
>
Hey all,
I recently decided to try out LaBrea - and I'm not sure if it is working.
According to it - the filter is receiving packets - but nothing is making it
into syslog. I decided to try -v (verbose logging) still to no avail. If I
kill the LaBrea process then it logs some info to sysl
HI,
I have been running LaBrea for a few days now and have gotten no hits
in my syslog. even though I know that it is running.
ps
19573 root root S /usr/sbin/LaBrea -i eth0 -l -p 8 -z
I just occurred to me that this because port 80 is not open to the
outside world. So I am about to
Charles,
> From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
> Date: Fri, 5 Oct 2001 14:24:02 -0500
>
[...]
>
> TCP connections are initiated by a 3 way handshake, or conversation:
> client --> server : Are you there?
> client <-- server : Yes
> client --> server : OK (and starts sending d
> Is there anyway Labrea could be used if you are a simple cable user
> with one IP adres? Like by listening on some ports?
> Is this doable now or would it require a change to the sourcecode?
Not right now, but I'm looking into it. I'll post to the list if I get
anything like this working...
C
Is there anyway Labrea could be used if you are a simple cable user
with one IP adres? Like by listening on some ports?
Is this doable now or would it require a change to the sourcecode?
Kim Oppalfens
On Thu, 20 Sep 2001 14:42:52 -0500, Alec Miller wrote:
>Someone sent me this link in the midst
> Do you have any idea how much in the way of CPU time and memory
> would be required to implement tarpitting as part of LPR?
> I don't want to tarpitting to consume alll the resources of my firewall.
Some recently posted stats:
- Original Message -
From: "jamesh"
To: <[EMAIL PROTECTED]>
> Do you have any idea how much in the way of CPU time and memory
> would be required to implement tarpitting as part of LPR?
> I don't want to tarpitting to consume alll the resources of my firewall.
Check out the whitepaper at the LaBrea webpage for some details. In
general, tarpitting, or eve
Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Charles
> Steinkuehler
> Sent: 05 October 2001 17:52
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] LaBrea package available
>
>
> The LaBrea LRP package is now available:
> http://lr
The LaBrea LRP package is now available:
http://lrp.steinkuehler.net/Packages/LaBrea.htm
While this is currently only really useful for folks with extra IP addresses
hanging around, I'd like to get a setup 'Tarpitting' any inbound connection
requests that would normally be dropped by the firewall
:-) pretty cool Charles, pretty cool!!!
Charles Steinkuehler wrote:
>
> Of course, I've already got this running under LRP, and installed on my
> firewall here. Try, for example, the following:
> http://216.171.153.186/
___
Leaf-user mailing li
You have to check out this program, if you haven't heard about it already.
It grabs unused IP's on your network, and uses them to slow propogation of
any random scanning type worm. Rather than simply drop packets, the program
completes just enough of a TCP connection to cause the remote computer
On Thu, 20 Sep 2001, David Douthitt wrote:
> Alec Miller wrote:
>
> > I don't have the tools to make [LaBrea] into an LRP package, but I think this
> > could be a neat addon.
> >
> > (If it doesn't already exist for LRP)
>
> Wouldn't you know it I was just working on this; I've already done
Alec Miller wrote:
> I don't have the tools to make [LaBrea] into an LRP package, but I think this
> could be a neat addon.
>
> (If it doesn't already exist for LRP)
Wouldn't you know it I was just working on this; I've already done
it.
I made a few code changes - mainly designed to make
Someone sent me this link in the midst of the recent Nimda attacks.
I don't have the tools to make this into an LRP package, but I think this
could be a neat addon.
(If it doesn't already exist for LRP)
Alec
=
http://www.incidents.org/LaB
23 matches
Mail list logo
