[Dshield] picnicking under flypaper (or near tar) (fwd)

John Hardin johnh at aproposretail.com
Thu Mar 14 17:11:49 GMT 2002

On Wed, 2002-03-13 at 21:55, Bob Hillegas wrote:
> On second thought (can't wait for the third one :-)), how about 
> integrating it with iptables and use LABREA as an additional target? This 
> would make DROP look tame!!

Well, that end result is my goal. Right now I have PortSentry detecting
scans and adding the source to a DENY list. If I get this working the
way I want, then PortSentry all TCP traffic from the source of the scan
will be redirected to the LaBrea tarpit daemon instead.

John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
 "Rather than form a federation with Microsoft and work with what we
  had already created, there was this notion that the world should be
  offered an alternative."
                     - Craig Mundie, Microsoft CTO,
                       puzzled by non-MS-owned .NET user data services
 62 days until Star Wars episode II: Attack of the Clones

More information about the list mailing list