Date:      Mon, 24 Jun 2002 18:41:58 -0400
From:      Scott Ullrich <sullrich@CRE8.COM>
To:        'Klaus Steden' <klaus@compt.com>, freebsd-security@FreeBSD.ORG
Subject:   RE: automated blackholing
Message-ID:  <2F6DCE1EFAB3BC418B5C324F13934C96016C9E95@exchange.corp.cre8.com>


This may be a good job for D. J. Bernstein's ucspi-tcp.  Using a DNS server,
tcpserver (http://cr.yp.to/ucspi-tcp/tcpserver.html) and rblsmtpd
(http://cr.yp.to/ucspi-tcp/rblsmtpd.html).

I currently do this for spam but it would not be hard to hack this for your
situation.

Hope this helps,

Scott


> -----Original Message-----
> From: Klaus Steden [mailto:klaus@compt.com]
> Sent: Monday, June 24, 2002 6:36 PM
> To: freebsd-security@FreeBSD.ORG
> Subject: automated blackholing
> 
> 
> Hi,
> 
> I've got a situation with one of my servers at work that gets script kiddies
> attempting to use it as a warez repository. It worked once, for about three
> days, but I guess the hostname/address is still in someone's list of good
> targets. I've been using tcpd to block access, but I'm getting a little more
> annoyed by now and would like to start blackholing these people as soon as
> they attempt to connect.
> 
> I've got my list of hosts to refuse - what's the best way to automatically
> disappear when one of them tries to connect?
> 
> thanks,
> Klaus
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
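
One way to adapt the tcpserver suggestion to a fixed refuse list, as an added example that is not part of either message: tcpserver can consult a rules database directly (`-x`), and a `deny` rule makes it drop the connection without running the server, so this variant needs no DNS zone or rblsmtpd. The helper names, `refuse.txt` and `ftp.cdb` are assumptions.

```shell
#!/bin/sh
# Added example: build tcprules(1) source from a refuse list (one IPv4 per line).

# valid_ipv4 ADDR: true only for a plain dotted quad, octets 0-255, no leading
# zeros. Anything else (e.g. "evil:allow") must never reach the rules file.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rules_from_list: stdin = refuse list ('#' comments and blank lines allowed).
# Prints "ADDR:deny" per valid entry, then ":allow" for everyone else.
# Returns non-zero if any entry was skipped, so a bad list is noticed.
rules_from_list() {
    skipped=0
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$addr" ] || continue
        if valid_ipv4 "$addr"; then
            printf '%s:deny\n' "$addr"
        else
            printf 'skipped invalid entry: %s\n' "$addr" >&2
            skipped=$((skipped + 1))
        fi
    done
    printf ':allow\n'
    [ "$skipped" -eq 0 ]
}

# Constructed sample list (documentation address ranges, not real hosts).
sample_list() {
    printf '%s\n' '# refuse list' '192.0.2.10' '198.51.100.7   # ftp prober' \
        '' '203.0.113.99'
}

sample_list | rules_from_list

# To compile and use (file names and <server program> are placeholders):
#   rules_from_list < refuse.txt | tcprules ftp.cdb ftp.tmp
#   tcpserver -x ftp.cdb 0 21 <server program>
```

Validating each entry before it becomes a rule matters because the rules file is line-oriented: an unchecked entry containing `:` could turn a refuse-list line into an `allow` rule.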

