On Fri, 24 May 2002 17:53:02 -0800 civileme <[EMAIL PROTECTED]> wrote:
> FemmeFatale wrote:
>
> >Pierre Fortin wrote:
> >
> >>On Thu, 23 May 2002 23:15:52 -0800 civileme <[EMAIL PROTECTED]> wrote:
> >>
> >>>Load up the honeyport for Nimda and the shutdown script for codered
> >>>and see what happens....
> >>>
> >>Civileme,
> >>
> >>Where can I find the tools you're referring to...? I have my own
> >>(http://pfortin.com/Linux/HoneyPort -- needs updating ) and am
> >>interested in anyone else's defense mechanisms...
> >>
> >>As to reflecting/responding to an attack, here's my position:
> >>http://pfortin.com/Linux/MSVTS/ -- in a nutshell: SELF-DEFENSE!
> >>:^)
> >>
> >>Thanks,
> >>Pierre
> >>
> >
> >BTW, fwiw I found most of these kids are trying to get to my NETBios
> >* i do share a HDD with my g/f* and ssh/unix ports. Makes me wonder
> >if it isn't someone on one of the lists..cause this started not long
> >after i posted the info on the ftp. :\
> >
> >*hopes i'm wrong...sigh*
> >
> >
> >------------------------------------------------------------------------
> >
> >Want to buy your Pack or Services from MandrakeSoft?
> >Go to http://www.mandrakestore.com
> >
> Hmmm, I seem to recall Microsoft had an "anti-spoofing" feature for
> ISPs using NT that hit port 139 and shut you down if the response
> wasn't what the program thought it should be (shut down linux
> workstations all over the parts of Alaska served by a cable modem
> company for a while, at intervals of 4 hours, and then a reboot into
> windows was necessary to get the link activated), but this sounds
> like lots more queries aimed at 139.
>
> Civileme
>

*nods* Got those ports being attacked too, as well as looking for SSH
ports & some other obscure ports Unix/linux uses. I don't know why
though... what's 139???? Sorry I'm sorta half-aware/educated on
security (hangs my head sheepishly). Help?

Femme
