From owner-freebsd-questions@FreeBSD.ORG Fri Oct 9 22:38:37 2009
Message-ID: <493986.15275.qm@web56204.mail.re3.yahoo.com>
References: <526808.11391.qm@web56207.mail.re3.yahoo.com> <6201873e0910091448h46c13ce4h2e9df8920a8fe27a@mail.gmail.com> <20742_1255125211_4ACFB0DB_20742_1553_2_70C0964126D66F458E688618E1CD008A08CCED3B@WADPEXV0.waddell.com>
Date: Fri, 9 Oct 2009 15:38:36 -0700 (PDT)
From: Aflatoon Aflatooni
To: freebsd-questions@freebsd.org
In-Reply-To: <20742_1255125211_4ACFB0DB_20742_1553_2_70C0964126D66F458E688618E1CD008A08CCED3B@WADPEXV0.waddell.com>
Subject: Re: Security blocking question

----- Original Message ----
> From: Gary Gatten
> To: Adam Vande More ; Aflatoon Aflatooni
> Cc: freebsd-questions@freebsd.org
> Sent: Fri, October 9, 2009 5:53:10 PM
> Subject: RE: Security blocking question
>
> I might also add, if it's only a handful that have legitimate access
> requirements, maybe black hole all IPs from locations (countries, etc.)
> they'll never be in.  We see a lot of bad traffic from, well, certain
> countries and we simply null route them.  Or if I feel like playing a
> bit I'll route them to a tar-pit and honey pot just to see what they do.
> Pretty entertaining sometimes! :)
>

My experience has been that a honeypot is good to catch internal hackers.
I have also noticed that we get dictionary attacks from zombies in North America. I have managed to capture a Perl script that they use and it just retransmits the command from the IP of the server that has the Perl script installed.