[Dshield] picnicking under flypaper (or near tar) (fwd)

John Hardin johnh at aproposretail.com
Thu Mar 14 17:11:49 GMT 2002


On Wed, 2002-03-13 at 21:55, Bob Hillegas wrote:
> 
> On second thought (can't wait for the third one :-)), how about 
> integrating it with iptables and use LABREA as an additional target? This 
> would make DROP look tame!!

Well, that end result is my goal. Right now I have PortSentry detecting
scans and adding the source to a DENY list. If I get this working the
way I want, then PortSentry all TCP traffic from the source of the scan
will be redirected to the LaBrea tarpit daemon instead.

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 "Rather than form a federation with Microsoft and work with what we
  had already created, there was this notion that the world should be
  offered an alternative."
                     - Craig Mundie, Microsoft CTO,
                       puzzled by non-MS-owned .NET user data services
-----------------------------------------------------------------------
 62 days until Star Wars episode II: Attack of the Clones




More information about the list mailing list