[Cialug] denyhosts logging LOTS of attacks
Barry Von Ahsen
barry at vonahsen.com
Tue May 13 16:46:50 CDT 2008
sounds like a great meeting topic: the 10 things you can do to make the
k1dd13s go somewhere else - as Josh and Chris mentioned, if the Russian
mafia/NSA wants you, or you're as high profile as Linus, you're boned

or a best-practices discussion?

(never mind, security is scheduled for next month)

-barry

Josh More wrote:
> nmap has a great many useful switches. :)
>
> You can also do neat stuff with netcat.
>
> I am sure that there are turn-key systems for distributed scans, but I
> just look at the number of IPs I have to work with and whip up a few lines
> of Perl to randomly scatter ports into N files, and use those files to
> feed to nmap. Everything dumps to a "results file", which is then
> merged when all scans complete. It's not robust, but it IS sneaky, and
> that matters more for this sort of thing.
>
> One thing to consider: if I can do this quickly and easily, what do you
> think that the organized crime rings are up to? Might want to harden
> your boxes. :)
>
>
>
> -Josh More, RHCE, CISSP, NCLP, GIAC
> morej at alliancetechnologies.net
> 515-245-7701
>
>>>> "Nathan Stien" <nathanism at gmail.com> 05/13/08 1:41 PM >>>
> On Tue, May 13, 2008 at 1:13 PM, Josh More
> <morej at alliancetechnologies.net> wrote:
>> When I scan a system, I do slow scans (weeks-long)
>> originating from numerous IPs across all possible ports.
>
> Is there some turn-key solution for that, or do you just have your own
> scripts?
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug