[No need to Cc: me; I read the list. Please respect my M-F-T ]
On Wed, Sep 04, 2002 at 07:45:14AM -0400, Anthony DeRobertis wrote:
>
> On Thursday, Aug 29, 2002, at 09:34 US/Eastern, Nathan E Norman wrote:
>
> >This is why all ISPs should apply filters at their ingress/egress
> >points. Unfort
On Thursday, Aug 29, 2002, at 09:34 US/Eastern, Nathan E Norman wrote:
This is why all ISPs should apply filters at their ingress/egress
points. Unfortunately, many do not.
While I don't want to start a flame war here, as all discussions of
this topic seem to become, I'd just like to point
Adam Majer wrote:
> I know. It is crazy. I actually would like to see some sort of a
> better defence than just standing there uselessly. I mean, in real
> life if a country (community etc..) gets attacked by another, there is
> usually a "war" and someone is taught a lesson. But here, all we
> do
> Simple. Random IP-address block scans. Having the box live on the 'net
> alone guarantees that it will get some random hits. Prepare to see lot more
> of them from here-on.
>
> Script-kiddies, trying to find suitable hosts for their mass exploitation
> tools. Worms, eagerly propagating on th
On Thursday, 29 August 2002, at 16:57:09 +0100,
Dale Amon wrote:
> > I'll add another one to that: I started using syslogd-sql, which is a
> > modified version of "the" syslog 1.4.1 that also allows logging to a
> > MySQL database. I hope it is a step in the right direction to use
> > advances
On Wed, Aug 28, 2002 at 11:49:36AM +0200, Michael Renzmann wrote:
> I'll add another one to that: I started using syslogd-sql, which is a
> modified version of "the" syslog 1.4.1 that also allows logging to a
> MySQL database. I hope it is a step in the right direction to use
> advances SQL quer
On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
>
> If you use Iptables and you block spoofed addresses with Iptables,
> will that stop the spoofing in their tracks, therefore decreasing the
> chance of a DOS?
No. For example, let's say someone manages to spoof "mailout.aol
On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
> If you use Iptables and you block spoofed addresses with Iptables,
> will that stop the spoofing in their tracks, therefore decreasing the
> chance of a DOS?
Not necessarily. You can stop blind spoofing attacks where
ip's belon
does ."
- -Original Message-
From: Rolf Kutz [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 29, 2002 5:18 AM
To: [EMAIL PROTECTED] Debian. Org
Subject: Re: Mail relay attempts
* Quoting Jones, Steven ([EMAIL PROTECTED]):
> I've found port sentry really good for detecting port s
* Quoting Jones, Steven ([EMAIL PROTECTED]):
> I've found port sentry really good for detecting port scans and then routeing
> the return packets to nowhere.
That makes you open to DoS-Attacks. Someone could
scan you with spoofed source-IP and disconnect
your box. A tarpit is a much better aproac
Hi Peter.
Peter Cordes wrote:
[tarpit for attacking worms]
I remember hearing about people doing exactly that. Maybe it was mentioned
on /. or the local LUG mailing list (http://nslug.ns.ca/).
Sounds interesting. The LUG website is unreachable at the moment, but I
will dig the slashdot arch
On Wed, Aug 28, 2002 at 11:56:24AM +0200, Michael Renzmann wrote:
> Hi.
>
> Jones, Steven wrote:
> >I've found port sentry really good for detecting port scans and then
> >routeing
> >the return packets to nowhere.
>
> As an addition to that idea: would it be possible to cause similar
> effects
Hi.
Jones, Steven wrote:
I've found port sentry really good for detecting port scans and then routeing
the return packets to nowhere.
As an addition to that idea: would it be possible to cause similar
effects to HTTP-server worms with a modified tarpit? Maybe a modified
version of the kernel
Hi Dale.
Dale Amon wrote:
The only thing you can do is to make damn certain your box does not become
part of the problem.
I'll add to that: make sure you actually check your logs. I use syslog-ng to
bring all essential realtime logging to a hardened server;
I'll add another one to that: I st
I've found port sentry really good for detecting port scans and then routeing
the return packets to nowhere.
:)
Thing
-Original Message-
From: Rolf Kutz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 28 August 2002 4:10
To: [EMAIL PROTECTED] Debian. Org
Subject: Re: Mail relay attempts
* Quoting Craig Sanders ([EMAIL PROTECTED]):
>
> PS: actually, the only other thing you could do is set firewall rules
> blocking inbound tcp port 25. if your mail server is the primary MX for
> your domain then you would also need a secondary MX and open the
> firewall for just that machine. sp
* Craig Sanders <[EMAIL PROTECTED]> [020827 17:07]:
> On Tue, Aug 27, 2002 at 06:12:51AM -0500, Daniel J. Rychlik wrote:
> PS: actually, the only other thing you could do is set firewall rules
> blocking inbound tcp port 25. if your mail server is the primary MX for
> your domain then you would al
On Tue, 27 Aug 2002 at 11:32:53PM +1000, Craig Sanders wrote:
> PS: actually, the only other thing you could do is set firewall rules
> blocking inbound tcp port 25. if your mail server is the primary MX for
> your domain then you would also need a secondary MX and open the
> firewall for just tha
On Tue, Aug 27, 2002 at 06:12:51AM -0500, Daniel J. Rychlik wrote:
> This is great, Just great. I run a mail server on dsl service
> provided by mabell. I wrote a perl script that mails me some reports
> on activities on my server everyday. I wake up this morning and I
> have an alarm.
> Obvious
On Tue, Aug 27, 2002 at 04:11:21PM +0300, Mika Boström wrote:
> > Karl Breitner wrote:
> > >Welcome to the world of SPAMfighting
> > Our new server has an official IP since last saturday, and no domain
> > name pointing to it yet besides a dyndns-account I abused for testing
> > purpose. Within t
> Karl Breitner wrote:
> >Welcome to the world of SPAMfighting
> Our new server has an official IP since last saturday, and no domain
> name pointing to it yet besides a dyndns-account I abused for testing
> purpose. Within these three days of operation I had several persons
> trying to get acce
Hi Karl.
Karl Breitner wrote:
What can I say Daniel, except welcome to the harsh reality of a postmaster.
Hmm, as I'm to become a "postmaster" in a few days, too, I would like to
learn a bit more about that. Most probably this list is not intended for
"chat" like this, so I would be happy to
Daniel J. Rychlik wrote:
This is great, Just great. I run a mail server on dsl service
provided by mabell. I wrote a perl script that mails me some reports
on activities on my server everyday. I wake up this morning and I
have an alarm.
Obviously, none of these were relayed from my server
This is great, Just great. I run a mail server on dsl service
provided by mabell. I wrote a perl script that mails me some reports
on activities on my server everyday. I wake up this morning and I
have an alarm.
Obviously, none of these were relaye