[Dshield] which ports does labrea like?
jsage at finchhaven.com
Tue Mar 19 15:22:14 GMT 2002
From: "Tom Liston" <tliston at premmag.com>
Organization: Prem Magnetics, Inc.
To: intrusions at incidents.org
Date: Mon, 18 Mar 2002 14:06:56 -0600
Subject: Version 2.4 Beta 2 of LaBrea available
I've just now released Beta 2 of version 2.4 of LaBrea. Unless I
hear a hue and cry from the multitudes, this will probably be the
2.4 release version.
Beta 2 incorporates a new, and far more efficient method of
excluding ports from being tarpitted. Also, excluded ports now
respond with a RST to inbound packets (note: this can be turned
off using the new "-f" option which makes excluded ports appear to
be firewalled...) Using this, you can create "machines" with only
specific ports open. A nice side effect is that it gives NMap fits
trying to figure out what operating system you're running...
There are also some bug fixes involving BPF filters (which a fish
brought that to my attention... thanks!) and a race condition
involving the "-L" option (which I discovered myself the hard way...)
Info and downloading links are at:
Most people don't type their own logfiles; but, what do I care?
On Mon, Mar 18, 2002 at 11:05:42PM -0800, Ram wrote:
> >This is changing in the beta.
> Que? Cool - got more info?
> >John Hardin <johnh at aproposretail.com>
> >Internal Systems Administrator voice: (425) 672-1304
> >Apropos Retail Management Systems, Inc. fax: (425) 672-0192
More information about the list