Server Probing

Thu Jan 31 23:17:07 UTC 2013

OK, I have installed fail2ban and added to the default filters
apache-verboten4got
apache-myadmin
apache-wootwoot

What is *.apnic.* ?

THANKS again!!!!

Né§t☼r

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Tom Burke
Sent: Thursday, January 31, 2013 2:03 PM
To: General Red Hat Linux discussion list
Subject: Re: Server Probing

Unless you have permission, that's exactly what it is.  Why else would you be rattling their firewall, except to probe their vulnerabilities?

And if you're probing their vulnerabilities without permission, then why are you doing it?

IIRC, there is, in fact, legal precedence on this, too.

On a related note, I used to drop *.apnic.* into my filters, and that got rid of over 80% of the door rattling.

Of course, it pretty much blocked everyone in China, Japan, New Zealand, Australia, and so on..

On Thu, Jan 31, 2013 at 4:43 PM, geofrey rainey < geofrey.rainey at enterpriseit.co.nz> wrote:

> I just don't think rattling locks and peeking in windows is analogous 
> to sending a few tcp packets to a server on the internet really.
>
> On 02/01/2013 01:20 AM, Tom Curl wrote:
>
>> Unless you have permission from the owner of the server, you should 
>> be banned. Gee, I just think I'll rattle the locks on your doors and 
>> peak through your windows just to see what you are doing Geofrey.
>>
>>
>>
>> On Thu, 2013-01-31 at 10:13 +1300, geofrey rainey wrote:
>>
>>> I don't think i'd advise permanently blocking IP's - sometimes I 
>>> nmap an IP just because I am interested to see what's running or 
>>> whatever but wouldn't expect to be "banned" for doing this...
>>>
>>>
>>> On 01/30/2013 06:56 PM, AMDPaulius Paulius wrote:
>>>
>>>> Yeah, even my small home server which is not advertised anywhere 
>>>> gets scanned daily. They are always trying to brute force into FTP, 
>>>> or SSH. I use iptables to block those IPs completely.
>>>>
>>>> On Wed, Jan 30, 2013 at 1:46 AM, Florez, Nestor <NFlorez at sdcwa.org>
>>>> wrote:
>>>>
>>>>  THANKS!!!
>>>>>
>>>>> Né§t☼r
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: redhat-list-bounces at redhat.com [mailto:
>>>>> redhat-list-bounces at redhat.com**] On Behalf Of m.roth at 5-cent.us
>>>>> Sent: Tuesday, January 29, 2013 2:30 PM
>>>>> To: General Red Hat Linux discussion list
>>>>> Subject: RE: Server Probing
>>>>>
>>>>> Florez, Nestor wrote:
>>>>>
>>>>>> [mailto:redhat-list-bounces@**redhat.com<redhat-list-bounces at redh
>>>>>> at.com>]
>>>>>> On Behalf Of Florez, Nestor
>>>>>>
>>>>>>  I will take a look at fail2ban
>>>>>>>
>>>>>> You guys mentioned fail2ban, Does redhat has it available? Where?
>>>>>>
>>>>> epel.
>>>>>
>>>>>           mark
>>>>>
>>>>> --
>>>>> redhat-list mailing list
>>>>> unsubscribe 
>>>>> mailto:redhat-list-request@**redhat.com<redhat-list-request at redhat
>>>>> .com>
>>>>> ?subject=unsubscribe
>>>>> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.
>>>>> redhat.com/mailman/listinfo/redhat-list>
>>>>>
>>>>>
>>>>> --
>>>>> redhat-list mailing list
>>>>> unsubscribe 
>>>>> mailto:redhat-list-request@**redhat.com<redhat-list-request at redhat
>>>>> .com>
>>>>> ?subject=unsubscribe
>>>>> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.
>>>>> redhat.com/mailman/listinfo/redhat-list>
>>>>>
>>>>>  --
>>> redhat-list mailing list
>>> unsubscribe 
>>> mailto:redhat-list-request@**redhat.com<redhat-list-request at redhat.c
>>> om>
>>> ?subject=unsubscribe
>>> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.re
>>> dhat.com/mailman/listinfo/redhat-list>
>>>
>>
>>
> --
> redhat-list mailing list
> unsubscribe 
> mailto:redhat-list-request@**redhat.com<redhat-list-request at redhat.com
> >
> ?subject=unsubscribe
> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.redh
> at.com/mailman/listinfo/redhat-list>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list