Re: [cobalt-users] Proactive action against hack attempts



Craig wrote:
> I'd personally install portsentry <if you haven't already> at the *very*
> least... I'm working on IP chains for one of my boxes at the moment.. <bit
> of a trick> but at least install portsentry to monitor/block TCP
> probes/scans..


Actually, I have it all installed - ipchains, port sentry, log check, ssh,
disabled telnet, etc... That's part of how I know that they are scanning me.
But, it doesn't stop them from trying to FTP in and keep trying different
usernames. The above listed programs don't help much for intrusion attempts
on legitimate services. That is more my concern now, not scans as they get
killed anyhow.

Whenever I see someone has been trying to FTP the box or something, I
manually kill them, but I think taking out foreign countries would
simplify the process some.

Any chance you might be willing to give me the list of IPs you developed
from Korea, off list? It might save me some time and be a good starting
place.

Thanks.
Rick Ewart
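
Added example, not part of the original message: one way to automate the manual review described above, by flagging hosts whose failed FTP logins cycle through several different usernames and printing ipchains deny rules for them. The log layout, the sample lines and the function names are constructed assumptions, not output from any particular FTP daemon.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines. The "FAILED LOGIN from <ip> as <user>" layout is an
# assumption; change FAILED to match what your FTP daemon really logs.
SAMPLE_LOG = """\
Mar  3 02:14:01 www ftpd[411]: FAILED LOGIN from 192.0.2.15 as admin
Mar  3 02:14:04 www ftpd[411]: FAILED LOGIN from 192.0.2.15 as root
Mar  3 02:14:09 www ftpd[412]: FAILED LOGIN from 192.0.2.15 as test
Mar  3 02:14:13 www ftpd[412]: FAILED LOGIN from 192.0.2.15 as guest
Mar  3 09:30:40 www ftpd[530]: FAILED LOGIN from 198.51.100.7 as rick
Mar  3 09:30:52 www ftpd[530]: FAILED LOGIN from 198.51.100.7 as rick
Mar  3 09:31:05 www ftpd[530]: LOGIN from 198.51.100.7 as rick
Mar  3 11:02:17 www ftpd[601]: FAILED LOGIN from 999.1.1.1 as admin
"""

FAILED = re.compile(r"ftpd\[\d+\]: FAILED LOGIN from (\S+) as (\S+)")


def suspicious_sources(log_text, min_users=3):
    """Return source IPs that failed logins under >= min_users distinct names.

    Counting distinct usernames, not raw failures, keeps a real user who
    mistypes a password several times off the block list.
    """
    users = defaultdict(set)
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            # Validate before the value goes anywhere near a firewall command.
            ip = str(ipaddress.IPv4Address(match.group(1)))
        except ValueError:
            continue  # malformed address in the log: ignore it
        users[ip].add(match.group(2))
    return sorted(ip for ip, names in users.items() if len(names) >= min_users)


def deny_rules(ips):
    """Render one ipchains input-chain DENY rule per address, for review."""
    return [f"ipchains -A input -s {ip} -j DENY" for ip in ips]


if __name__ == "__main__":
    for rule in deny_rules(suspicious_sources(SAMPLE_LOG)):
        print(rule)
```

The rules are printed rather than executed so they can be checked against known-good customer addresses before being applied.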