[Dshield] Firewall that bites back??? Addendum

Jason Allen jallen at garden-city.org
Tue Nov 19 18:27:57 GMT 2002


I'm sorry, but once you start 'fighting back' you have done exactly what we
are here to prevent. You will drive yourself absolutely nuts trying to pay
back everyone in the world that is using a system maliciously. Lock your
doors. That doesn't mean that you have to stand around all day looking out
the peep hole either. Get a couple of good deadbolts and get some rest
knowing that you have done everything you can to make YOUR part of the world
a safer place. Don't fight back, just make it so their efforts are
fruitless. Keep your Karma in the green. 

-----Original Message-----
From: rilya byor [mailto:rilya1 at yahoo.com]
Sent: Monday, November 18, 2002 4:12 PM
To: list at dshield.org
Subject: Re: [Dshield] Firewall that bites back??? Addendum



--- Alberto Gonzalez <ag-dshield at cerebro.violating.us>
wrote:
> well, by "fighting" back, do you mean to attempt the same attack on the
> src ip that's attacking you?

That's exactly what I meant...

> A method of fighting back would be to use something
> in the form of SnortSam w/ Snort (support for
> pf, ipchains, and iptables(coming soon)) to block
> packets based on alerts and or hogwash.

Which is exactly what I'll do when I get my new modem
to work with RedHat 7.2 ...
 
>I believe you mentioned you're on winXP..

Wouldn't be if I could find some good ebay software
for Linux ...

>just trying to give you some ideas. Hope it Helps

It does. Tnx!
(BTW, the connection lockups were apparently being
caused by my now-former ISP, tho they went to their
death denying it!)
Rilya

> rilya byor wrote:
> 
> >As I was sending the above-mentioned email, my connection locked up
> >for the 6th time this morning, and now the probes are coming in on
> >other ports too. Here's the Outpost attack log for the last 15 minutes:
> >
> >11/18/2002 9:46:04 AM	Connection request	200.165.212.179	UDP(137)
> >11/18/2002 9:41:51 AM	Connection request	80.24.91.15	UDP(137)
> >11/18/2002 9:33:59 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:33:31 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:33:14 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:33:03 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:32:23 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:32:02 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:31:57 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:31:42 AM	Connection request	61.188.126.1	UDP(137)
> >11/18/2002 9:31:33 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:31:17 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:30:42 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:30:25 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:30:04 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:29:36 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:29:19 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:28:47 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:28:27 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:28:07 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:27:38 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:27:20 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:26:39 AM	Connection request	216.136.224.76	TCP(1357)
> >11/18/2002 9:26:29 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:21:19 AM	Connection request	209.73.225.95	TCP(24541)
> >11/18/2002 9:21:19 AM	Connection request	209.73.225.108	TCP(20239)
> >11/18/2002 9:21:13 AM	Connection request	209.73.225.94	TCP(32105)
> >11/18/2002 9:21:04 AM	Connection request	209.73.225.94	TCP(12064)
> >11/18/2002 9:19:01 AM	Connection request	209.6.250.129	UDP(137)
> >
> 
> -- 
> The secret to success is to start from scratch and
> keep on scratching.
> 
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or
> unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
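
An added example, not part of the original thread and not SnortSam's own code: the alert-driven blocking suggested above, done with a repeat threshold, an allowlist and expiring blocks, run over constructed lines in the Outpost log layout quoted in the thread. The function names, threshold, window, block lifetime and the RFC 5737 documentation addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample in the quoted Outpost layout; addresses come from the
# RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
11/18/2002 9:19:01 AM\tConnection request\t203.0.113.129\tUDP(137)
11/18/2002 9:26:29 AM\tConnection request\t198.51.100.94\tTCP(12064)
11/18/2002 9:27:20 AM\tConnection request\t198.51.100.94\tTCP(32105)
11/18/2002 9:28:27 AM\tConnection request\t198.51.100.94\tTCP(12064)
11/18/2002 9:30:04 AM\tConnection request\t192.0.2.1\tTCP(24541)
11/18/2002 9:30:25 AM\tConnection request\t192.0.2.1\tTCP(24541)
11/18/2002 9:30:42 AM\tConnection request\t192.0.2.1\tTCP(24541)
11/18/2002 9:41:51 AM\tConnection request\t203.0.113.15\tUDP(137)
"""

# Assumed allowlist: hosts you must never lock out (gateway, DNS, mail relay).
ALLOW = (ip_network("192.0.2.0/24"),)

LINE = re.compile(
    r"(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+Connection request\s+(\S+)\s+(TCP|UDP)\((\d+)\)"
)

def parse(log):
    """Yield (timestamp, source, protocol, port) for each log entry."""
    for m in LINE.finditer(log):
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        yield ts, ip_address(m.group(2)), m.group(3), int(m.group(4))

def block_decisions(log, threshold=3, window=timedelta(minutes=5),
                    ttl=timedelta(hours=1), allow=ALLOW):
    """Return {source: block expiry} for sources seen `threshold` times in `window`."""
    recent = defaultdict(list)
    blocks = {}
    for ts, src, _proto, _port in sorted(parse(log), key=lambda e: e[0]):
        if any(src in net for net in allow):
            continue  # source addresses can be forged; never block these
        recent[src] = [t for t in recent[src] if ts - t <= window] + [ts]
        if len(recent[src]) >= threshold:
            blocks[src] = ts + ttl  # temporary block, renewed only on new hits
    return blocks

if __name__ == "__main__":
    for src, expiry in block_decisions(SAMPLE_LOG).items():
        print(f"block {src} until {expiry:%Y-%m-%d %H:%M:%S}")
```

Single probes stay below the threshold and are only logged, and the allowlisted source is never blocked however often it appears.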

