[lug] Interesting Crash Report

Brad Doctor bdoctor at ps-ax.com
Tue Mar 20 20:39:30 MST 2001

I think there may be more to this than just your machine.  I have 47 active 
threats at present, from all over the world.  Most of them appear to be 
hacked linux boxes (ssh on odd ports), and all of them are port 
scanning.  I automatically deny them, but cannot share that code :(


At 08:33 PM 3/20/2001 -0700, D. Stimits wrote:
>Deva Samartha wrote:
> >
> > >  I've denied about two dozen
> > >/24 domains just because I dislike seeing anything hit port 111 (the
> > >first packet gets them blocked).
> >
> > That's really neat, if possible, would you mind sharing how you do that -
> > or name the software packages you use?
> >
> > Thanks,
> >
> > Samartha
> >
>John Starkey already gave the automated method, portsentry. I tend to
>use tail -f on /var/log/messages while connected, and have a separate rc
>file I list bans in. I just add the /24 by hand; with others there, I
>just copy and paste then substitute the ip address in ipchains rules. So
>I guess my app is vi :P
>Actually, I would say being paranoid about what my firewall logs and
>reading it quickly/acting on it is the number one tool.
>D. Stimits, stimits at idcomm.com
>Web Page:  http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list