On Thu, 28 Dec 2000, Burke, Thomas G. wrote:
> Hey all,
>
> The subject says it all, I have had a shitload of attempts on port
> 111 (sunrpc) lately... Is there some new bug on the r* stuff, or is it just
> that all the script kiddies are out on vacation? Anybody else notice this,
> or is it just me?
dunno about that. I get a weird one every couple of hours. a whole buncha
ips (from all over the place) just ping me. that's it. oh, and
occasionally they might try to do something else, like try to exploit
services...
> As an aside, I've added an (L)user link on my web site's main page
> (right below the firewall) that lists all the machines blocked from my
> machine (check out http://tomii.erols.com/lusers.txt)... Has anyone else
> ever done this? I ask as I'm sure there's a better way to do it than the
> way I did (I'm no scripter)...
that raised an interesting issue. we have spam rbl's, why not something
like ip rbl's? provide logs of the attempt, and then that ip is listed as
a dodgy source. then you can filter those ip's out (although that would be
a mamoth task with ipchains). just some extra piece of mind.
actually, I think that the benefits of this would outweigh the
disadvantages, over time anyway. it would restrict access, and dialup for
dialup accounts it would be pointless (to a certain extent). bad points
good points: it would increase the awareness of such stupid attacks, it
would force administrators to enforce stringent anti hack policies to
prevent ip's in their block from being listed, create another layer of
defence from attackers (or at least make it harder for attackers, which
should rule out some script kiddies)...
thoughts?
chris (quiet ramblings before bedtime)
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
