[prev in list] [next in list] [prev in thread] [next in thread]
List: mandrake-expert
Subject: Re: [expert] HACKED?
From: daRcmaTTeR <mdw1982 () mdw1982 ! dyndns ! org>
Date: 2002-06-29 12:34:18
[Download RAW message or body]
Lyvim Xaphir wrote:
> On Fri, 2002-06-28 at 13:15, daRcmaTTeR wrote:
>
>
>>what I do with them when I get their IP address I put it in the
>>/etc/hosts.deny file and they never get a second chance at my server. I
>>make two entries for the one.
>
>
> Whew...I run Portsentry and the /etc/hosts.deny gets updated
> automatically, and at machine speeds. It also gives them a cute message
> on the port they're scanning before they get locked out. I.E:
>
> PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION
> ATTEMPT HAS BEEN LOGGED. GO AWAY."
>
>
> After that the scan attempt is saved to logfile, which I eventually keep
> on CD.
>
> Legit services arent affected.
>
>
>
>> 1) 61.56.8.254
>> 2) 61.56.8.0
>>
>>the second entry is that in case they're using a dialup and the last octet
>>changes then they're not getting back in cause that entire subnet is being
>>blocked.
>>
>>--
>>daRmaTTeR
>
>
> HTH, LX
yeah...my machine works the same way on "scan attempts" however I don't
have unauthorized ftp server attempts automated that way. I like to know
about those and if I automate that process sooner or later I'd forget
about it even happening and I might get lazy and sloppy and then...well,
bad things happen when people get lazy and sloppy, ya know?
--
daRcmaTTeR
----------
Registered Linux User 182496
["message.footer" (text/plain)]
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic