On Dec 10, 2008, at 9:15 AM, [EMAIL PROTECTED] wrote:
> I really don't consider this a waste of time. Having some remote machine pound
> away for hours just hoping to break a web acct password is something I
> want to avoid.

But that's not what you're describing as the problem. Your original
post says the problem is a 404 error. 404 errors do nothing to help/hinder
someone in terms of cracking passwords.

>  I really don't want to see my machine being used to advertise
> videos or fake purple pills.

If they're getting 404s then it isn't being so used.

>  If I do something to stop them, then they need
> to use another bot to continue their attack.

Where's the "attack" here, exactly?

> I do realize that this may be an effort in futility, but until it's tried,
> are you sure it won't help?

"This has all happened before. It will all happen again"

You aren't the first, and won't be the last and you're welcome to  
throw your time and energy into that particular black-hole, but you  
won't come out of it, in the long run, happy. Unless you're different  
from everyone who's been down that road before. :-)

> I really don't care about how much noise is in my log files.   What I
> care about is someone hitting on a successful brute force that makes
> even more work for me in cleaning up after the fact.  At home it's just
> a cleanup.  At $work it leads to various reports and possible political
> issues that I'd prefer to avoid if I can.

Some examples? It's fairly easy in most environments to say "There are  
always spiders and bots on the web who are looking for URLs that don't  
exist, and 404 errors do not necessarily represent broken links on our  
end, but can also represent poor attempts to guess our web hierarchy  
by others."

> There are some things that I might also consider hostile to start.
> ex: someone attempting to pull ../../ repeat many times ../etc/passwd
> attempts to pull various application config files etc, take a look
> at what nikto or nessus scan for.  People don't need to be doing
> that to my home machine.  I don't care if they get blocked for acting
> what I consider hostile.  On some machines I'd be more accepting of
> small amounts of bad behaviour.

If you want to start blocking based on "hostile acts" such as clearly
attempting to compromise the host via exploits, that's a whole
different ball of wax. It's still going to be, largely, an exercise in
futility (because most of those hosts are compromised home Windows
boxes, and those Windows boxes are probably getting new IP addresses
every couple of days from their upstream provider via DHCP).

I understand what you're trying to accomplish, but -- from my personal  
experience, anyway -- the reward-to-cost ratio is just too low to be  
worth doing. YMMV.

Cheers,
D

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
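
The distinction this message draws (404s from URL guessing, repeated failed logins, and exploit-style requests such as `../../etc/passwd`) can be made per client from the access log. This is an added example, not part of the original message; the log lines are constructed, and the patterns, the threshold and the verdict names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2008:09:01:02 -0500] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "bot"
203.0.113.5 - - [10/Dec/2008:09:01:03 -0500] "GET /old-page.html HTTP/1.1" 404 209 "-" "bot"
198.51.100.7 - - [10/Dec/2008:09:02:10 -0500] "GET /view?f=..%2f..%2fetc%2fpasswd HTTP/1.1" 404 209 "-" "scan"
192.0.2.44 - admin [10/Dec/2008:09:03:00 -0500] "GET /private/ HTTP/1.1" 401 381 "-" "c"
192.0.2.44 - admin [10/Dec/2008:09:03:01 -0500] "GET /private/ HTTP/1.1" 401 381 "-" "c"
192.0.2.44 - admin [10/Dec/2008:09:03:02 -0500] "GET /private/ HTTP/1.1" 401 381 "-" "c"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Assumed minimal patterns for the "../../etc/passwd" style requests named in the thread.
TRAVERSAL_RE = re.compile(r"\.\./|/etc/passwd")


def classify(log_text, auth_threshold=3):
    """Return {client_ip: verdict}; auth_threshold is an assumed tuning value."""
    stats = defaultdict(lambda: {"404": 0, "401": 0, "traversal": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.groups()
        # Decode twice so double-encoded sequences (%252e%252e) are also seen.
        decoded = unquote(unquote(target)).replace("\\", "/")
        if TRAVERSAL_RE.search(decoded):
            stats[ip]["traversal"] += 1
        elif status in ("401", "404"):
            stats[ip][status] += 1
    verdicts = {}
    for ip, s in stats.items():
        if s["traversal"]:
            verdicts[ip] = "hostile-probe"      # exploit-style request, any status
        elif s["401"] >= auth_threshold:
            verdicts[ip] = "auth-bruteforce"    # repeated failed logins
        else:
            verdicts[ip] = "noise"              # 404s or a few 401s: nothing gained
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```

Clients that only ever receive 200-class responses do not appear in the result at all.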