Hi, Seems like the Right Thing to do...
http://hogwash.sourceforge.net/ Sergio Erazo -----Mensaje original----- De: Sergio Erazo [mailto:[EMAIL PROTECTED]] Enviado el: Lunes 8 de Octubre de 2001 11:37 Para: [EMAIL PROTECTED] Asunto: How to stop zombie scanners? Hi, I've set up a Linux box running snort a couple days ago. It's connected to the public side (Internet)of our network. During this time, the log files show *a lot* (80+) of zombie hosts trying to break into our servers, mostly with IIS attacks (cmd.exe, Code Red v2, others). Tried LaBrea, the problem is that we don't have any free IP address for this. Here are my questions: 1. Do you know of any tool that can help preventing the flood that zombies are sending into? 2. Does the zombie traffic affects the total bandwidth of my Internet connection? (MRTG shows a sustained use of 10-18Kbps...) Any help will be vastly appreciated. Sergio Erazo Systems Support SONDA
