[Dshield] Firewall that bites back??? Addendum

Tom Liston tliston at premmag.com
Thu Nov 21 17:27:26 GMT 2002


If you have specific questions on LaBrea, perhaps I can help...

-TL

On 20 Nov 2002 at 19:16, rilya byor wrote:

> Will have to check out SANS SF!  
> I got my external modem to work, no problem, on my
> entirely Linux box, which is where I am now, and in
> fact am about to install LaBrea--maybe Ed can give me
> a quickie overview of how to set it up and run it?  
> My new ISP really does have an abuse desk--I sent them
> part of the thread about the ongoing netbios probes
> and they immediately set up a filter to screen out
> netbios!  These people do not kid around when it comes
> to stuff like that--and when you call their support
> line, you get a real techie who has a multiboot OS
> just like yours!
> ****Anybody in Westchester County, NY, I HIGHLY
> recommend Westnet.com in Rye--they may serve parts of
> Connecticut too, I'm not sure.
> 
> --- Alberto Gonzalez <ag-dshield at cerebro.violating.us>
> wrote:
> > woa, ISP's have abuse desks? <grin>
> > 
> > 
> > Ed Truitt wrote:
> > 
> > >What you are proposing is more in the line of
> > "First, we have a bit of sport
> > >with it - THEN we kill it".  IMNSHO, it is good,
> > clean fun to mess with
> > >3133t hAx0r worms and the like through these
> > methods.  In fact, that is
> > >(sort of) why I like LaBrea - not only can I do my
> > civic duty by slowing
> > >down these things, but I can also put the current
> > activity live, on a web
> > >site, for others to look at.  (Never underestimate
> > the power of humiliation
> > >and ridicule.)  However, if you were to respond to
> > a portscan by launching a
> > >DDoS attack against the scanner, now that would
> > produce bad karma - and
> > >possibly an email / call from your ISP's abuse
> > desk.
> > >
> > >Hmmm, that gives me an idea - maybe I will try and
> > set up a "Don't let the
> > >b*****ds get you down" BoF at SANS SF, where some
> > of us can discuss this.
> > >
> > >Cheers,
> > >Ed Truitt
> > >PGP fingerprint:  5368 D25E 468C A250 9833  CCD6
> > DBAE 9C25 02F9 0AB9
> > >http://www.etee2k.net
> > >http://www.bsatroop148.org
> > >
> > >"Note to spammers:  my 'delete' key is connected to
> > YOUR ISP.
> > > Also, if you send me UCE, I reserve the right to
> > post your spew
> > >on my Web site, with the appropriate color
> > commentary, so that
> > >others may have a good laugh at your expense."
> > >
> > >  
> > >
> > >  
> > >
> > 
> > -- 
> > The secret to success is to start from scratch and
> > keep on scratching.
> > 
> > 
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or
> > unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus – Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list