Security....

Joel rees at ddcom.co.jp
Thu Oct 28 03:11:30 UTC 2004


> > > >>I took a simpler approach.
> <<Snip> > >
> > > >>1.  Setup iptables with the following
> > > >>    iptables -A INPUT -i lo -j ACCEPT   # this allows local loop
> > > >>interface to always work.
> > > >>Most clients, #1 above is enough to block all attacks.
> <<snip> > >
> > > >
> > > >
> >
> > Great thread guys...I do have to say...once I realized what Rodolfo was
> > describing I had to laugh.  Very clever!  Great mechanism!  May need to
> look
> > into it for my stuff...
> >
> > -Eucke
> >
> 
> I like the idea.. I might even take it a step beyond if I ever get any spare
> time. Just make the router send all ports I'm not using to a honeypot! Just
> have to get time to put one together... Any thoughts?
> 
> Scott....

I have often wished i had the time. 

One thing I would like to do is set apache up to feed the attempts to
get at command.com to a fake shell that disparages the guy on the other
end. Another is to reflect those 32k query strings back into the error
page.

And, since I'm a helpful sort of guy, it seems like it would be a
worthwhile project to write an automatic script that would at least try
to find the admin for 0wn3d boxes and send a warning e-mail.

If I had the time.

-- 
Joel <rees at ddcom.co.jp>




More information about the fedora-list mailing list