[twsocket] Creatively annoying a host

2011-07-06 Thread Angus Robertson - Magenta Systems Ltd
My various web servers suffer regular attacks looking for exploits, the
current one is looking for php, 100 odd URLs at a time including:

GET //dbadmin/scripts/setup.php
GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php
GET //mysqlmanager/scripts/setup.php
GET /muieblackcat

In my ICS web server, I was wondering what sort of creative response I
could make to these requests, to annoy or slow down the hackers?  

I could leave the connection open without sending a response?

Or send a vast amount of rubbish data in response?

Any other suggestions?

Angus






--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Creatively annoying a host

2011-07-06 Thread Arno Garrels
Angus Robertson - Magenta Systems Ltd wrote:
> My various web servers suffer regular attacks looking for exploits,
> the current one is looking for php, 100 odd URLs at a time including:
>
> GET //dbadmin/scripts/setup.php
> GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php
> GET //mysqlmanager/scripts/setup.php
> GET /muieblackcat
>
> In my ICS web server, I was wondering what sort of creative response I
> could make to these requests, to annoy or slow down the hackers?

I would implement a short-time IP-blacklist.
Those attacks are very common, I see them daily (even) on a dynamic IP.
Most of them here probe for open proxies.

-- 
Arno Garrels 


Re: [twsocket] Creatively annoying a host

2011-07-06 Thread Matt Minnis
I like the idea of sending massive amounts of random data to them.
Have a banned URL list and anyone requesting one on the list gets the
contents of war and peace over and over...  Or something equally
interesting...  
As long as you have no bandwidth constraints, this should be golden.

Need to cause them pain and flogging is not properly transmitted via IP
traffic...   :)

Any way to do some creative routing and point them back at themselves?

Matt

-----Original Message-----
From: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org] On
Behalf Of Angus Robertson - Magenta Systems Ltd
Sent: Wednesday, July 06, 2011 12:44 PM
To: twsocket@elists.org
Subject: [twsocket] Creatively annoying a host

My various web servers suffer regular attacks looking for exploits, the
current one is looking for php, 100 odd URLs at a time including:

GET //dbadmin/scripts/setup.php
GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php
GET //mysqlmanager/scripts/setup.php
GET /muieblackcat

In my ICS web server, I was wondering what sort of creative response I could
make to these requests, to annoy or slow down the hackers?  

I could leave the connection open without sending a response?

Or send a vast amount of rubbish data in response?

Any other suggestions?

Angus








Re: [twsocket] Creatively annoying a host

2011-07-06 Thread Marc Charbonneau
> My various web servers suffer regular attacks looking for exploits, the
> current one is looking for php, 100 odd URLs at a time including:
>
> GET //dbadmin/scripts/setup.php
> GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php
> GET //mysqlmanager/scripts/setup.php
> GET /muieblackcat
>
> In my ICS web server, I was wondering what sort of creative response I
> could make to these requests, to annoy or slow down the hackers?
>
> I could leave the connection open without sending a response?
>
> Or send a vast amount of rubbish data in response?
>
> Any other suggestions?

Just delay the answer for a couple of seconds; this will slow down the probing.
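
An added example, not written by any poster in this thread and not ICS code: the short-time IP blacklist and the delayed answer suggested above, combined in Python. The names ProbeGuard, normalise and check, the 600-second ban and the 2-second delay are assumptions; the probe paths are the ones quoted in the thread.

```python
import time

# Probe paths quoted in the thread, stored in normalised form.
PROBE_PATHS = {
    "/dbadmin/scripts/setup.php",
    "/phpmyadmin-2.5.5-rc1/scripts/setup.php",
    "/mysqlmanager/scripts/setup.php",
    "/muieblackcat",
}

def normalise(path):
    """Drop the query string, lower-case, collapse repeated slashes."""
    path = path.split("?", 1)[0].lower()
    while "//" in path:
        path = path.replace("//", "/")
    return path

class ProbeGuard:
    """Short-lived per-IP blacklist triggered by known probe URLs."""

    def __init__(self, ban_seconds=600, delay_seconds=2.0, clock=time.monotonic):
        self.ban_seconds = ban_seconds      # assumed value; keep it short,
        self.delay_seconds = delay_seconds  # addresses are shared and reused
        self.clock = clock                  # injectable so it can be tested
        self.banned_until = {}              # ip -> ban expiry time

    def check(self, ip, path):
        """Return (action, delay); action is 'serve', 'tarpit' or 'drop'."""
        now = self.clock()
        expiry = self.banned_until.get(ip)
        if expiry is not None:
            if now < expiry:
                return ("drop", 0.0)        # still banned: close at once
            del self.banned_until[ip]       # ban has run out
        if normalise(path) in PROBE_PATHS:
            self.banned_until[ip] = now + self.ban_seconds
            # Caller answers 404 after a non-blocking timer of this length.
            return ("tarpit", self.delay_seconds)
        return ("serve", 0.0)

    def purge(self):
        """Remove expired bans so the table cannot grow without bound."""
        now = self.clock()
        expired = [ip for ip, t in self.banned_until.items() if t <= now]
        for ip in expired:
            del self.banned_until[ip]
        return len(expired)
```

In an event-driven server the delay belongs on a timer, not a blocking sleep, so that one slow probe does not stall other clients.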