On Thu, Dec 23, 1999 at 09:32:30AM -0500, Paul D. Robertson wrote:
On Wed, 22 Dec 1999, Davis Ford wrote:
This may have already been mentioned, but take a look at a program called
portsentry (find it on freshmeat).
It will detect when someone runs a port scan on you, and then it will
On Wed, 29 Dec 1999, Michael H. Warfield wrote:
It will detect when someone runs a port scan on you, and then it will
automatically drop them into hosts.deny file, or better yet, it will add a
rule to ipchains which will automatically block their IP from accessing your
system. it
On Wed, 22 Dec 1999, Davis Ford wrote:
This may have already been mentioned, but take a look at a program called
portsentry (find it on freshmeat).
It will detect when someone runs a port scan on you, and then it will
automatically drop them into hosts.deny file, or better yet, it will add a
Hi,
Just wanted to know which Intrusion detections softwares are really good.
Iam planning to use RealSecure from ISS. Any suggestions. Also what would
one do if they discovered an attack being done on the firewall or their
DMZ service area. This is a hypothetical Q, are their any general
I'm getting kind of tired of sending reports of
port scans and attempted break-ins to people who
don't really seem interested in doing something
about the problem. I always ask them to keep me
informed about how they deal with those
responsible, but very few have the courtesy to
also see:
http://www.kyuzz.org/antirez/hping2.html
by:
[EMAIL PROTECTED]
Thanks,
Ron DuFresne
On Tue, 21 Dec 1999, Parker, Gary W wrote:
Eric Johnson [EMAIL PROTECTED] said ...
"Parker, Gary W" wrote:
Retaliation is not the proper response to attacks, real or perceived.
How come this all tends to remind me of not too long ago, folks linking
their .project and .plan files to wickedly long text files, or devices
that wuld do all sorts of funky things with yer term, or little bits of
tcpd twist majik?
Thanks,
Ron DuFresne
On Tue, 21 Dec 1999, Paul D. Robertson
This may have already been mentioned, but take a look at a program called
portsentry (find it on freshmeat).
It will detect when someone runs a port scan on you, and then it will
automatically drop them into hosts.deny file, or better yet, it will add a
rule to ipchains which will
My $0.02 addition:
"Paul D. Robertson" wrote:
On Tue, 21 Dec 1999, Eric wrote:
How about just running a port scan against whoever is portscanning you.
If someone sees port scans coming from a system they are trying to break
into, it would hopefully scare them off.
A lot of times
On Tue, Dec 21, 1999 at 01:47:22AM -0600, Eric wrote:
I'm getting kind of tired of sending reports of port scans and attempted
break-ins to people who don't really seem interested in doing something
about the problem. I always ask them to keep me informed about how they
deal with those
Sounds like a really good idea Eric. However, I doubt that it's legal.
--
From: Eric[SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, December 21, 1999 12:47 AM
To: [EMAIL PROTECTED]
Subject: Dealing with port scanners / attackers
I'm getting kind of tired of
A few problems with that:
1) Sometimes portscans aren't malicious, that is I (at least) have
used quick scans to determine services that a remote host provides, ie
anon ftp and whatnot.
2) (big one) any ISP worth its salt will set its border routers to
reject packets with obviously forged
"Parker, Gary W" wrote:
Retaliation is not the proper response to attacks, real or perceived.
Remember that you propose to spoof the attacker's address in your response.
The attack itself could well have been made using a spoofed address, and you
will in effect be further victimizing someone
Jim Littlefield wrote:
When filing complaints, I make it very clear that we will not accept a
lack of response from them and we will blackhole their network at our
router, should they choose to ignore our complaint. If they are not a
top-level provider, I also Cc their provider.
You're
Eric Johnson [EMAIL PROTECTED] said ...
I'm getting kind of tired of sending reports of
port scans and attempted break-ins ...
So something else is needed.
Suppose we ... spoof the source address and
perform a port scan against the port scanner's ISP?
... the ISP would see a port
Suppose we set up a firewall that, when it detects
a port scan, would spoof the source address and
perform a port scan against the port scanner's ISP?
That way, the ISP would see a port scan coming
from one of his own customers and would be more
likely to take an active interest in
Jim Littlefield [EMAIL PROTECTED] 12/21 5:22 AM
When filing complaints, I make it very clear that we will not accept a
lack of response from them and we will blackhole their network at our
router, should they choose to ignore our complaint. If they are not a
top-level provider, I also Cc their
But on the other hand, if THEY are a business (which most internet enabled networks
are), they lose a lot of business if everyone starts blackholing them...
Marc..
Gary Flynn [EMAIL PROTECTED] 12/21 7:10 AM
Jim Littlefield wrote:
When filing complaints, I make it very clear that we will
"Paul D. Robertson" wrote:
In that case, they'd probably be more interested in putting a stop to
you, and you'd perhaps run afoul of the law if you hit one of their
customer's machines. I'd recommend against it. Also, if they source
spoofed, you'd be scanning a bunch of other networks that
On Tue, 21 Dec 1999, Eric wrote:
I'm getting kind of tired of sending reports of
port scans and attempted break-ins to people who
don't really seem interested in doing something
about the problem. I always ask them to keep me
informed about how they deal with those
responsible, but
Eric Johnson [EMAIL PROTECTED] said ...
"Parker, Gary W" wrote:
Retaliation is not the proper response to attacks, real or perceived.
Remember that you propose to spoof the attacker's address in your
response.
The attack itself could well have been made using a spoofed address, and
you
On Tue, Dec 21, 1999 at 09:08:09AM -0600, Eric wrote:
| I'm not clear on what a port scan accomplishes with a spoofed address
| unless it is just to make you think you're being scanned from elsewhere.
| If you're being scanned from a spoofed address, then whoever is trying to
| find a
I'm not clear on what a port scan accomplishes with a spoofed address
unless it is just to make you think you're being scanned from
elsewhere.
If you're being scanned from a spoofed address, then whoever
is trying to
find a vulnerability will never know the result, right?
Except, of
At 09:08 21-12-1999 -0600, you wrote:
"Parker, Gary W" wrote:
Retaliation is not the proper response to attacks, real or perceived.
Remember that you propose to spoof the attacker's address in your response.
The attack itself could well have been made using a spoofed address, and
you
will in
Jeff Bachtel wrote:
A few problems with that:
1) Sometimes portscans aren't malicious, that is I (at least) have
used quick scans to determine services that a remote host provides, ie
anon ftp and whatnot.
But then the services you are trying to find are not BackOrifice or
other
On Tue, 21 Dec 1999, Eric wrote:
"Paul D. Robertson" wrote:
In that case, they'd probably be more interested in putting a stop to
you, and you'd perhaps run afoul of the law if you hit one of their
customer's machines. I'd recommend against it. Also, if they source
spoofed, you'd be
On Tue, 21 Dec 1999, Eric wrote:
How about just running a port scan against whoever is portscanning you.
If someone sees port scans coming from a system they are trying to break
into, it would hopefully scare them off.
A lot of times scans are done from an already compromised host, *if*
During the past three years, I have contacted the sysadmins at five
sites and provided them with a brief log extract. Four sites provided
feedback that the offender had their account revoked. The 5th site was
untraceable to the source as it was a computer lab at a major university
and I
Hi
I have a problem with PPPD.
On a slack 3.5 system it connects to my ISP just fine (through a leased line)
and the same connect scripts an everyting moved on a RedHat 6.1 machine don't
work. On the slack machine things go like this (taken from syslogd) :
pppd started by...
pppd using
If an attacker uses decoy mode you will be hit by 10 different source
addresses and only one is from the attacker itself. If you do a reverse
scan you will hit 9 addresses for which you appear to be an attacker.
My recommendation: secure your box and let them scan. A port scan is f*
boring
Could also be that ISP's don't care about your problem's as long as their
users are happy.
Renee Lee
-Original Message-
From: Eric [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 21, 1999 1:47 AM
To: [EMAIL PROTECTED]
Subject: Dealing with port scanners / attackers
I'm getting
31 matches
Mail list logo