crazy hackers and logwatch
Nathan Grennan
fedora-test-list at cygnusx-1.org
Mon Aug 8 16:58:23 UTC 2005
On Mon, 2005-08-08 at 09:25 -0500, Jason L Tibbitts III wrote:
> >>>>> "JC" == Justin Conover <justin.conover at gmail.com> writes:
>
> JC> Is it stupid when someone is trying to get on your box, leaves the
> JC> ip and has a website on that ip ;-)
>
> Yes, but most of these hosts have been hacked and are just running
> automated tools to find other hackable boxes.
>
> To protect yourself, install denyhosts from extras, tune it to your
> environment and enjoy the satisfaction of having these be blocked
> automatically.
>
> I hope to have an updated version of denyhosts checked into extras
> soon.
That sounds like auto-shunning, a term that Dan Kaminsky, uses. You are
basically allowing the cracker add rules. Auto-shunning + IP Spoofing =
Nastiness. They could say spoof your default gateway, root dns servers,
the dns servers you use, etc. Then you automatically block those things
that you need access to. They can also do this to you so that they can
pretend to be you. They just get you to block the people that they want
to appear to you to. The reverse is also possible. They get you to block
your bank and then pretend to be your bank to phish you.
http://www.doxpara.com/Black_Ops_Of_TCPIP_2005.ppt
More information about the fedora-test-list
mailing list