[Dshield] which ports does labrea like?

John Sage jsage at finchhaven.com
Tue Mar 19 15:22:14 GMT 2002


See this:

From: "Tom Liston" <tliston at premmag.com>
Organization: Prem Magnetics, Inc.
To: intrusions at incidents.org
Date: Mon, 18 Mar 2002 14:06:56 -0600
Subject: Version 2.4 Beta 2 of LaBrea available

I've just now released Beta 2 of version 2.4 of LaBrea.  Unless I 
hear a hue and cry from the multitudes, this will probably be the 
2.4 release version.

Beta 2 incorporates a new, and far more efficient method of 
excluding ports from being tarpitted.  Also, excluded ports now 
respond with a RST to inbound packets (note: this can be turned 
off using the new "-f" option which makes excluded ports appear to 
be firewalled...)  Using this, you can create "machines" with only 
specific ports open.  A nice side effect is that it gives NMap fits 
trying to figure out what operating system you're running...

There are also some bug fixes involving BPF filters (which a fish 
brought that to my attention... thanks!) and a race condition 
involving the "-L" option (which I discovered myself the hard way...)

Info and downloading links are at:



- John
Most people don't type their own logfiles;  but, what do I care?

On Mon, Mar 18, 2002 at 11:05:42PM -0800, Ram wrote:
> >This is changing in the beta.
> >
> Que? Cool - got more info? 
> >-- 
> >John Hardin                                   <johnh at aproposretail.com>
> >Internal Systems Administrator                    voice: (425) 672-1304
> >Apropos Retail Management Systems, Inc.             fax: (425) 672-0192

More information about the list mailing list