[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Proactive action against hack attempts

Subject: [cobalt-users] Proactive action against hack attempts
From: "Craig Napier" <craignapier@xxxxxxxxxxx>
Date: Thu Jan 11 11:07:01 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I have been watching my log reports for the last week now, and have noticedthat 99% of the attack attempts on my system are from abroad. Are IPssegregate by country or anything?

I guess somewhat - I got so tired of seeing daily (hourly) probes from NorthKorea that I've pretty much blocked the whole damn country <north and southsince I have no clients from Korea>... For me, Korea was one of the worseabusers... Far more than any other location... I spent a good 1-3 hourslooking up IP blocks that I gathered from repeated attacks and justblack-holed 'em all in hosts.deny... Seems to have helped as the scans fromKorea have almost stopped completly.

I'd personally install portsentry <if you haven't already> at the *very*least... I'm working on IP chains for one of my boxes at the moment.. <bitof a trick> but at least install portsentry to monitor/block TCPprobes/scans..


Cheers!
Craig Napier

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

Prev by Date: Re: [cobalt-users] RaQ3 OS Restore
Next by Date: [cobalt-users] Zope & SSL on Raq 3
Previous by thread: RE: [cobalt-users] Frontpage setup using IP address only
Next by thread: Re: [cobalt-users] Proactive action against hack attempts

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index