[Dshield] picnicking under flypaper (or near tar) (fwd)

Bob Hillegas bobhillegas at pdq.net
Thu Mar 14 05:55:49 GMT 2002

On second thought (can't wait for the third one :-)), how about 
integrating it with iptables and use LABREA as an additional target? This 
would make DROP look tame!!

Thanks, BobH

Date: Wed, 13 Mar 2002 23:47:32 -0600 (CST)
From: Bob Hillegas <bobh at rosestar.com>
To: list at dshield.org
Subject: Re: [Dshield] picnicking under flypaper (or near tar)

Let me know when I can use in on a dialup (only one ip, sorry) in place of 
"input DENY ppp0". That way I can do better than just DENY'ing access to 
ports using ipchains.


Bob Hillegas           
<bobhillegas at pdq.net> 

On Wed, 13 Mar 2002 list-request at dshield.org wrote:

 Subject: Re: [Dshield] picnicking under flypaper (or near tar)
 From: John Hardin <johnh at aproposretail.com>
 To: DShield mailing list <list at dshield.org>
 Date: 13 Mar 2002 11:46:37 -0800
 Reply-To: list at dshield.org
 On Wed, 2002-03-13 at 09:52, Ellen Clary wrote:
 > > No problem Susan. I actually do "picnic under flypaper" ;-) so to speak, in
 > > that I run it on the same bastion hosts as my MTAs and VPN servers.
 > You're braver than I am though it is tempting...
 I'm working with Tom to see whether LaBrea can be installed on the
 bastion host as a TCP server rather than on a standalone tarpit box as a
 virtual host. I'd rather run it on my outer firewall and redirect scans
 to it, and not let the traffic onto my boundary network at all...
 I'll report results.

More information about the list mailing list