Security....
Joel
rees at ddcom.co.jp
Thu Oct 28 03:11:30 UTC 2004
> > > >>I took a simpler approach.
> <<Snip> > >
> > > >>1. Setup iptables with the following
> > > >> iptables -A INPUT -i lo -j ACCEPT # this allows local loop
> > > >>interface to always work.
> > > >>Most clients, #1 above is enough to block all attacks.
> <<snip> > >
> > > >
> > > >
> >
> > Great thread guys...I do have to say...once I realized what Rodolfo was
> > describing I had to laugh. Very clever! Great mechanism! May need to
> look
> > into it for my stuff...
> >
> > -Eucke
> >
>
> I like the idea.. I might even take it a step beyond if I ever get any spare
> time. Just make the router send all ports I'm not using to a honeypot! Just
> have to get time to put one together... Any thoughts?
>
> Scott....
I have often wished i had the time.
One thing I would like to do is set apache up to feed the attempts to
get at command.com to a fake shell that disparages the guy on the other
end. Another is to reflect those 32k query strings back into the error
page.
And, since I'm a helpful sort of guy, it seems like it would be a
worthwhile project to write an automatic script that would at least try
to find the admin for 0wn3d boxes and send a warning e-mail.
If I had the time.
--
Joel <rees at ddcom.co.jp>
More information about the users
mailing list