[Dshield] Firewall that bites back??? Addendum

rilya byor rilya1 at yahoo.com
Tue Nov 19 00:11:49 GMT 2002


--- Alberto Gonzalez <ag-dshield at cerebro.violating.us> wrote:
> Well, by "fighting" back, do you mean to attempt the
> same attack on the
> src IP that's attacking you?

That's exactly what I meant...

> A method of fighting back would be to use something
> in the form of SnortSam w/ Snort (support for
> pf, ipchains, and iptables (coming soon)) to block
> packets based on alerts and/or Hogwash.

Which is exactly what I'll do when I get my new modem
to work with RedHat 7.2 ...
 
> I believe you mentioned you're on WinXP..

Wouldn't be if I could find some good ebay software
for Linux ...

> Just trying to give you some ideas. Hope it helps

It does. Tnx!
(BTW, the connection lockups were apparently being
caused by my now-former ISP, tho they went to their
death denying it!)
Rilya

> rilya byor wrote:
> 
> >As I was sending the above-mentioned email, my
> >connection locked up for the 6th time this morning, and
> >now the probes are coming in on other ports too.
> >Here's the Outpost attack log for the last 15 minutes:
> >
> >11/18/2002 9:46:04 AM	Connection request	200.165.212.179	UDP(137)
> >11/18/2002 9:41:51 AM	Connection request	80.24.91.15	UDP(137)
> >11/18/2002 9:33:59 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:33:31 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:33:14 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:33:03 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:32:23 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:32:02 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:31:57 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:31:42 AM	Connection request	61.188.126.1	UDP(137)
> >11/18/2002 9:31:33 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:31:17 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:30:42 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:30:25 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:30:04 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:29:36 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:29:19 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:28:47 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:28:27 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:28:07 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:27:38 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:27:20 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:26:39 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:26:29 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:21:19 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:21:19 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:21:13 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:21:04 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:19:01 AM	Connection request	209.6.250.129	UDP(137)
>
> -- 
> The secret to success is to start from scratch and
> keep on scratching.
> 
> 


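
An added illustration, not part of the original messages or of any tool named in them: a short Python script that parses the Outpost log layout quoted above, including entries wrapped and '>'-quoted by a mail client, and lists the sources that repeat within a time window, the candidates an alert-driven blocker would act on. The sample lines, addresses, function names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Outpost log layout quoted in this thread. Addresses
# are documentation ranges; the second entry is wrapped and '>'-quoted the way
# the mail client left the entries in the post.
SAMPLE_LOG = """\
11/18/2002 9:19:01 AM\tConnection request\t198.51.100.7\tUDP(137)
> >11/18/2002 9:21:04 AM\tConnection request
> 192.0.2.94
> >TCP(12064)
11/18/2002 9:21:13 AM\tConnection request\t192.0.2.94\tTCP(32105)
11/18/2002 9:26:29 AM\tConnection request\t192.0.2.94\tTCP(12064)
11/18/2002 9:41:51 AM\tConnection request\t203.0.113.15\tUDP(137)
11/18/2002 9:46:04 AM\tConnection request\t198.51.100.7\tUDP(137)
"""

ENTRY = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+Connection request\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+(TCP|UDP)\((\d+)\)")

def parse(text):
    """Return [(time, source, 'PROTO/port'), ...], undoing mail wraps and quotes."""
    flat = re.sub(r"\s*\n[> ]*", " ", text)
    return [(datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p"), src, f"{proto}/{port}")
            for ts, src, proto, port in ENTRY.findall(flat)]

def repeat_sources(text, min_hits=3, window_s=600):
    """Map each source with >= min_hits requests inside window_s seconds
    to the ports it touched. Thresholds are illustrative assumptions."""
    by_src = defaultdict(list)
    for when, src, service in parse(text):
        by_src[src].append((when, service))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        lo = best = 0
        for hi, (when, _) in enumerate(events):
            # Shrink the window from the left until it spans <= window_s seconds.
            while (when - events[lo][0]).total_seconds() > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_hits:
            flagged[src] = sorted({service for _, service in events})
    return flagged

if __name__ == "__main__":
    for src, services in repeat_sources(SAMPLE_LOG).items():
        print(f"block candidate {src}: {', '.join(services)}")
```

Source addresses on unsolicited packets can be forged, so candidates from a count like this are worth reviewing before they become block rules.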