[Dshield] picnicking under flypaper (or near tar)

Erick Brockway ebrockway at earthlink.net
Wed Mar 13 21:15:19 GMT 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

	I actually do use the Windows version;
http://www.hackbusters.net/LaBrea/lbathome.html
and it seems to hold them connected for an hour or so. Most of the
connections seem to simply be infected machines on autopilot trying
to spread nimda as far as possible. Haven't seen a real hack attempt
with a hacker behind it.
	It'd be nice if there were a little more to the proggie for Windows,
but it seems to fit nicely between the Firewall and the internet,
responding to the connection attempts even as the Firewall blocks
access to my web server.
	If you look around in;
http://online.securityfocus.com/cgi-bin/tools.pl?cat=15
you'll find all kinds of similar tools.
	Here's a good one if you set Perl up on a standalone box;
http://all.net/dtk/ "DTK simply listens for inputs and provides
responses that seem normal (i.e., full of bugs). In the process, it
logs what is being done, provides sensible (if not quite perfect)
answers, and lulls the attacker into a false sense of (your)
insecurity." 
	Lol, wish I had a spare box to play with.

- -----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf
Of
Ellen Clary
Sent: Wednesday, March 13, 2002 9:53 AM
To: list at dshield.org
Subject: [Dshield] picnicking under flypaper (or near tar)



> From: "Tim Pierce" <tim at qrsparadigm.com>
> To: <list at dshield.org>
> Subject: RE: [Dshield] yea LaBrea must have moved
> Date: Wed, 13 Mar 2002 09:54:19 -0500
>
> No problem Susan. I actually do "picnic under flypaper" ;-) so to
> speak, in that I run it on the same bastion hosts as my MTAs and
> VPN servers.  

You're braver than I am though it is tempting...


> I also pickup all sorts to RPC portmap requests, DNS version
> queries, etc. to machines that don't exist. I gotta admit I derive
> a certain pleasure from that, knowing that someone out there if
> being frustrated, or wondering what the heck is going on when a
> portmapper scan that should take only an instant to complete hangs
> for twenty or thirty minutes if not indefinitely.

You know it just occurred to me that you're taking about a DoS aimmed
at
crackers.  Amusing.

Ellen Clary

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPI/Aa5kmeTuuwg2cEQK3vACgm+oEbzkI+OWOfOcozZvHsM1SkxMAoOKB
5oJZ0EYeh6vptn2ORxTmLXge
=i6GI
-----END PGP SIGNATURE-----




More information about the list mailing list