
Re: [cobalt-users] H4CK3R5



Easy. Several people on this list (myself included) have noticed a large
number of port-scans originating from Korean IPs. It's far easier to block
all these IPs, rather than have to do a complete re-install because some
script kiddie with way too much time on their hands hacked into and
destroyed the system. And when you look at the web logs and determine the
percentage of Koreans actually visiting your web site, as compared to the
(much larger) percentage of Koreans portscanning you, you realise it makes
sense to block them all :)

Cheers...

----- Original Message -----
From: "Joshua Kim" <developer@xxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, February 15, 2001 4:13 AM
Subject: Re: [cobalt-users] H4CK3R5


> Just out of curiosity... any reason why you want to block Korean IPs?
> I'm a Korean-American web-developer working in CA, and I just can't help
> being curious. That's all. Thanks.
>
>
> > > How do I deny a whole country?
> > >
> > > I want to add the whole of Korea in my host.deny file
> > >
> > > Is this possible?
> >
> > Now, we're talking... I proposed this a few weeks ago and didn't get much
> > response. Since then I have done a little homework. You can just put a line
> > like this:
> > ALL: .kr
> >
> > That will take care of anyone who your server is able to resolve the name
> > on - can't do it for a lot of our little friends. Also, hosts.deny only
> > affects things protected with wrappers - which includes http, ftp, etc. This
> > means scans are still possible and so is the BIND exploit, I believe (based
> > on a comment I read a little while ago on this list). So, it is far from
> > being a panacea.
> >
> > HOWEVER, you COULD use IPchains, which could kill everything - so I
> > understand. The problem here is that you have to do it via IP address...
> > Can't just stick in .kr - how I'd love to! Craig Napier gave me a copy of
> > his list where he took the time to look up all of the Korean IPs, apparently.
> > He might be willing to share with others if you ask nicely... :)
> >
> > If anyone knows a program that will work like IPchains but with domain
> > names, I would LOVE to know about it.... I am not holding my breath though,
> > as it seems relatively impossible/difficult due to the need to resolve IPs
> > backwards.
> >
> > HTH.
> > Rick
> >
> > P.S. Rodolfo - off topic but I will find the article about switched networks
> > being sniffable and post it ASAP
> >
>
>
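Added example, not part of the original thread: a small Python model of the difference discussed above between a hosts.deny ".kr" pattern (matches only clients whose address reverse-resolves to a name) and ipchains rules built from an address list. The client table, the helper names and the 192.0.2.0/24 and 198.51.100.0/24 blocks are constructed placeholders (documentation ranges), not real allocations.

```python
import ipaddress

def wrappers_domain_match(pattern, hostname):
    """Model of a hosts.deny '.domain' pattern: it matches when the client's
    reverse-resolved name ends with the pattern (case-insensitive).
    hostname=None stands for a client with no usable reverse DNS."""
    if hostname is None or not pattern.startswith("."):
        return False
    return hostname.lower().endswith(pattern.lower())

def ipchains_deny_rules(cidrs):
    """Validate each CIDR block and emit one input-chain DENY rule for it."""
    rules = []
    for text in cidrs:
        # strict=True rejects typos such as 192.0.2.1/24 (host bits set)
        net = ipaddress.ip_network(text.strip(), strict=True)
        rules.append(f"ipchains -A input -s {net.with_prefixlen} -j DENY")
    return rules

# Constructed sample: (client address, reverse-DNS name or None if unresolved)
CLIENTS = [
    ("192.0.2.10", "dialup-10.example.kr"),
    ("192.0.2.77", None),                    # same block, no PTR record
    ("198.51.100.5", "www.example.com"),
]
BLOCKS = ["192.0.2.0/24"]                    # placeholder for a per-country list

def coverage(clients, pattern, blocks):
    """Return {ip: (caught_by_hosts_deny, caught_by_ipchains)}."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    result = {}
    for ip, name in clients:
        by_name = wrappers_domain_match(pattern, name)
        by_ip = any(ipaddress.ip_address(ip) in n for n in nets)
        result[ip] = (by_name, by_ip)
    return result

if __name__ == "__main__":
    for ip, (by_name, by_ip) in coverage(CLIENTS, ".kr", BLOCKS).items():
        print(f"{ip:15} hosts.deny={by_name!s:5} ipchains={by_ip}")
    print("\n".join(ipchains_deny_rules(BLOCKS)))
```

The unresolved client in the sample is missed by the name pattern and caught by the address rule, which is the gap Rick describes.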