"J. Dow" <[EMAIL PROTECTED]> writes:
> {O.O} <-- Eeek, kill her in case she's contagious!
Nahhh those ==> {O.O} don't look like worms. And what could someone
that innocent looking be carrying... he he.
Hey Jo, I have a scheme to bounce off you, and any body who wants to
add an opinion.
I wanna play in this mess with my nifty log scanning tools but my
hardware firewall just drops the connect attempts on 80. I see them
but I don't get to see the nifty buffer overflow stuff that gets
stuffed in. I run no web server so my hardware just drops the
connections and reports it.
Following things on comp.os.linux.security it looks like there has
been one or several mutations that are starting to act differently.
Reports posted there seem to indicate a general hefty increase in
frequency like it could get really serious.
Any way, I thought about firing up my laptop, jacking into my home net
work and NATing http connects through the firewall to it.
Fire up apache and a log catching mechanism and tinker with the show
while it goes on. Sort of safer in that the laptop has nothing
important on it and I could firewall it from the other two with
iptables. Just incase newer nastier critters come into play.
One problem is that the laptop is running FreeBSD (4.3) and I never
bothered with a firewall. I know nothing about netfilter or whatever
FreeBSD calls it. So wondered if your pet firewall (Trinity?) has a
version for FreeBSD that sets up easily. All it would need to do is
monitor port 80 since upstream hardware handles other trouble. Then I
could have live action to tailor my shell/awk stuff with.
And could watch the changing fortunes of `Code red' and maybe stand
some chance of keeping up with the big boys on comp.os.linux.security
before I get told to go to my room.
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
