[Dshield] picnicking under flypaper (or near tar)

Tim Pierce tim at qrsparadigm.com
Wed Mar 13 19:07:51 GMT 2002


Exactly Ellen, "scan over here and DoS yourself"! Just another way of
"fighting back".

But better than amusing, I really believe that if software of this sort was
deployed on a substantial portion of unused address space then mass scans
would be dramatically reduced. If you have the opportunity, I recommend
reading what the author has to say about it, you can find it at
http://www.threenorth.com/LaBrea/ .

Tim Pierce


-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
Ellen Clary
Sent: Wednesday, March 13, 2002 12:53 PM
To: list at dshield.org
Subject: [Dshield] picnicking under flypaper (or near tar)



> From: "Tim Pierce" <tim at qrsparadigm.com>
> To: <list at dshield.org>
> Subject: RE: [Dshield] yea LaBrea must have moved
> Date: Wed, 13 Mar 2002 09:54:19 -0500
>
> No problem Susan. I actually do "picnic under flypaper" ;-) so to speak,
in
> that I run it on the same bastion hosts as my MTAs and VPN servers.

You're braver than I am though it is tempting...


> I also pickup all sorts to RPC portmap requests, DNS version
> queries, etc. to machines that don't exist. I gotta admit I derive a
certain
> pleasure from that, knowing that someone out there if being frustrated, or
> wondering what the heck is going on when a portmapper scan that should
take
> only an instant to complete hangs for twenty or thirty minutes if not
> indefinitely.

You know it just occurred to me that you're taking about a DoS aimmed at
crackers.  Amusing.

Ellen Clary

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list