Hi Benny/et al,
On 2015-09-24 Thu 14:42 PM |, Benny Lofgren wrote:
> On 2015-09-24 11:37, Pantelis Roditis wrote:
> > On 09/24/2015 11:39 AM, Peter Hessler wrote:
> >> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
> >> :Hello,
> >> :
> >> :Zombies are often attacking ports
On 2015 Sep 24 (Thu) at 12:37:03 +0300 (+0300), Pantelis Roditis wrote:
:On 09/24/2015 11:39 AM, Peter Hessler wrote:
:>On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
:>:Hello,
:>:
:>:Zombies are often attacking ports which don't have services running,
:>:such as telnet (most
On 09/24/2015 11:39 AM, Peter Hessler wrote:
On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
:Hello,
:
:Zombies are often attacking ports which don't have services running,
:such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
Hi,
This is the exact
On 09/24/2015 12:48 PM, Peter Hessler wrote:
On 2015 Sep 24 (Thu) at 12:37:03 +0300 (+0300), Pantelis Roditis wrote:
:On 09/24/2015 11:39 AM, Peter Hessler wrote:
:>On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
:>:Hello,
:>:
:>:Zombies are often attacking ports which don't
On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
:Hello,
:
:Zombies are often attacking ports which don't have services running,
:such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
:
:With a default pf block drop in on $ext_if, how can those source ips be
On Thursday, 24.09.2015, at 10:39 +0200, Peter Hessler wrote:
> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
> :Zombies are often attacking ports which don't have services running,
> :such as telnet (most popular indeed), mysql, 3551, 8080, 13272,
> etc.
> :
[..]
>
On 2015-09-24 11:37, Pantelis Roditis wrote:
> On 09/24/2015 11:39 AM, Peter Hessler wrote:
>> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
>> :Hello,
>> :
>> :Zombies are often attacking ports which don't have services running,
>> :such as telnet (most popular indeed),
On Thu, Sep 24, 2015 at 02:42:47PM +0200, Benny Lofgren wrote:
> On 2015-09-24 11:37, Pantelis Roditis wrote:
> > On 09/24/2015 11:39 AM, Peter Hessler wrote:
> >> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
> >> :Hello,
> >> :
> >> :Zombies are often attacking ports
Thanks for all the helpful replies.
On 2015-09-23 Wed 18:14 PM |, Craig Skinner wrote:
>
> Zombies are often attacking ports which don't have services running,
> such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
>
This was logged from Friday - Monday (zombies love the
Hi Ted,
On 2015-09-23 Wed 13:51 PM |, Ted Unangst wrote:
> >
> > Zombies are often attacking ports which don't have services running,
> > such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
> >
>
> block log those ports, then process the log file?
>
Running tcpdump was
Hi Pantelis,
On 2015-09-24 Thu 12:37 PM |, Pantelis Roditis wrote:
>
> This is the exact reason why we created bofh-divert[1]. The idea is that you
> pass those packets with PF to a divert socket opened by a daemon. The daemon
> grabs the source IP and adds it to a predefined table.
>
Wow,
On 2015-09-24 Thu 14:42 PM |, Benny Lofgren wrote:
>
> I've used one of the inetd "trivial services" (echo, discard, chargen,
> daytime or time) for this purpose, in combination with a couple of PF
> rules. Something like this:
>
> match in log on egress from any to tag honeypot
> pass in log
Hello,
Zombies are often attacking ports which don't have services running,
such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
With a default pf block drop in on $ext_if, how can those source ips be
added to a table? Which all can be dropped & small queued.
I've tried to
Craig Skinner wrote:
> Hello,
>
> Zombies are often attacking ports which don't have services running,
> such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
>
> With a default pf block drop in on $ext_if, how can those source ips be
> added to a table? Which all can be