FemmeFatale wrote: >Pierre Fortin wrote: > >>On Thu, 23 May 2002 23:15:52 -0800 civileme <[EMAIL PROTECTED]> wrote: >> >>>Load up the honeyport for Nimda and the shutdown script for codered and >>>see what happens.... >>> >>Civileme, >> >>Where can I find the tools you're referring to...? I have my own >>(http://pfortin.com/Linux/HoneyPort -- needs updating ) and am interested >>in anyone else's defense mechanisms... >> >>As to reflecting/responding to an attack, here's my position: >>http://pfortin.com/Linux/MSVTS/ -- in a nutshell: SELF-DEFENSE! :^) >> >>Thanks, >>Pierre >> > >BTW, fwiw I found most of these kids are trying to get to my NETBios * i >do share a HDD with my g/f* and ssh/unix ports. Makes me wonder if it >isn't someone on one of the lists..cause this started not long after i >posted the info on the ftp. :\ > >*hopes i'm wrong...sigh* > > >------------------------------------------------------------------------ > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com > Hmmm, I seem to recall Microsoft had an "anti-spoofing" feature for ISPs using NT that hit port 139 and shut you down if the response wasn't what the program thougt it should be (shut down linux workstations all over the parts of Alaska served by a cable modem company for a while, at intervals of 4 hours, and then a reboot into windows was necessary to get the link activated), but this sounds like lots more queries aimed at 139.
Civileme
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
