If anyone is intrested I've got a script I put together when CodeRed was hammmering away. It sets up iptables or ipchains rules that block the offending site.
James On Fri, 24 May 2002 17:55:45 -0800 civileme <[EMAIL PROTECTED]> wrote: > Pierre Fortin wrote: > > >On Thu, 23 May 2002 23:15:52 -0800 civileme <[EMAIL PROTECTED]> > >wrote: > > > >>Load up the honeyport for Nimda and the shutdown script for codered > >>and see what happens.... > >> > > > >Civileme, > > > >Where can I find the tools you're referring to...? I have my own > >(http://pfortin.com/Linux/HoneyPort -- needs updating ) and am > >interested in anyone else's defense mechanisms... > > > >As to reflecting/responding to an attack, here's my position: > >http://pfortin.com/Linux/MSVTS/ -- in a nutshell: SELF-DEFENSE! :^) > > > >Thanks, > >Pierre > > > > > > > > > >-------------------------------------------------------------------- > >---- > > > >Want to buy your Pack or Services from MandrakeSoft? > >Go to http://www.mandrakestore.com > > > Thanks for the link--I have it bookmarked now. Unfortunately I hit > the "Send" button before I dredged it up, quite by accident. I like > the spirit of yours, kinda like my old spammers mailbox crush routine > before they got smart and didn't try to use the same mailbox twice. > > Civileme > > > > >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
