[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mandrake-expert
Subject:    Re: [expert] HACKED?
From:       daRcmaTTeR <mdw1982 () mdw1982 ! dyndns ! org>
Date:       2002-06-29 12:34:18
[Download RAW message or body]

Lyvim Xaphir wrote:
> On Fri, 2002-06-28 at 13:15, daRcmaTTeR wrote:
> 
> 
>>what I do with them when I get their IP address I put it in the 
>>/etc/hosts.deny file and they never get a second chance at my server. I 
>>make two entries for the one. 
> 
> 
> Whew...I run Portsentry and the /etc/hosts.deny gets updated
> automatically, and at machine speeds.  It also gives them a cute message
> on the port they're scanning before they get locked out. I.E:
> 
> PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION
> ATTEMPT HAS BEEN LOGGED. GO AWAY."
> 
> 
> After that the scan attempt is saved to logfile, which I eventually keep
> on CD.
> 
> Legit services arent affected.
> 
>  
> 
>>	1) 61.56.8.254
>>	2) 61.56.8.0
>>
>>the second entry is that in case they're using a dialup and the last octet 
>>changes then they're not getting back in cause that entire subnet is being 
>>blocked. 
>>
>>-- 
>>daRmaTTeR
> 
> 
> HTH, LX

yeah...my machine works the same way on "scan attempts" however I don't 
have unauthorized ftp server attempts automated that way. I like to know 
about those and if I automate that process sooner or later I'd forget 
about it even happening and I might get lazy and sloppy and then...well, 
bad things happen when people get lazy and sloppy, ya know?

-- 
daRcmaTTeR
----------
Registered Linux User 182496



["message.footer" (text/plain)]

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


[prev in list] [next in list] [prev in thread] [next in thread]