Date: Mon, 24 Jun 2002 18:41:58 -0400
From: Scott Ullrich <sullrich@CRE8.COM>
To: 'Klaus Steden' <klaus@compt.com>, freebsd-security@FreeBSD.ORG
Subject: RE: automated blackholing
Message-ID: <2F6DCE1EFAB3BC418B5C324F13934C96016C9E95@exchange.corp.cre8.com>

This may be a good job for D. J. Bernstein's ucspi-tcp. Using a DNS server, tcpserver (http://cr.yp.to/ucspi-tcp/tcpserver.html) and rblsmtpd (http://cr.yp.to/ucspi-tcp/rblsmtpd.html).

I currently do this for spam but it would not be hard to hack this for your situation.

Hope this helps,
Scott

> -----Original Message-----
> From: Klaus Steden [mailto:klaus@compt.com]
> Sent: Monday, June 24, 2002 6:36 PM
> To: freebsd-security@FreeBSD.ORG
> Subject: automated blackholing
>
> Hi,
>
> I've got a situation with one of my servers at work that gets script kiddies
> attempting to use it as a warez repository. It worked once, for about three
> days, but I guess the hostname/address is still in someone's list of good
> targets. I've been using tcpd to block access, but I'm getting a little more
> annoyed by now and would like to start blackholing these people as soon as
> they attempt to connect.
>
> I've got my list of hosts to refuse - what's the best way to automatically
> disappear when one of them tries to connect?
>
> thanks,
> Klaus
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2F6DCE1EFAB3BC418B5C324F13934C96016C9E95>
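
The DNS-list approach suggested in the reply, as an added example that is not part of the original thread or of ucspi-tcp: it turns a refuse list into the reversed-octet TXT records that an rblsmtpd `-r` source is queried for, then checks a connecting address against them. The zone name, addresses and function names are constructed for illustration, and the in-memory dictionary stands in for the DNS server.

```python
import ipaddress

ZONE = "blackhole.example"  # hypothetical zone name, not from the thread

# Constructed refuse list (documentation-range addresses only).
REFUSE = ["192.0.2.15", "198.51.100.7", "203.0.113.200"]


def query_name(ip, zone=ZONE):
    """Return the DNS-list owner name for an IPv4 address a.b.c.d: d.c.b.a.zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + "." + zone


def build_zone(refuse, zone=ZONE, reason="Connection refused"):
    """Map each listed address to its owner name and TXT text, skipping bad entries."""
    records = {}
    for entry in refuse:
        try:
            records[query_name(entry.strip(), zone)] = reason
        except ValueError:
            continue  # ignore malformed lines rather than publish garbage
    return records


def zone_lines(records):
    """Render the records as zone-file TXT lines for the DNS server."""
    return ['%s. IN TXT "%s"' % (name, text) for name, text in sorted(records.items())]


def is_listed(client_ip, records, zone=ZONE):
    """Stand-in for the DNS lookup: listed if the owner name has a TXT record."""
    try:
        return query_name(client_ip, zone) in records
    except ValueError:
        return True  # design choice here: refuse a client address we cannot parse


if __name__ == "__main__":
    recs = build_zone(REFUSE + ["not-an-ip"])
    print("\n".join(zone_lines(recs)))
    for ip in ("198.51.100.7", "192.0.2.16"):
        print(ip, "listed" if is_listed(ip, recs) else "not listed")
```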
