Re: What to do with attackers?

To: debian-user@lists.debian.org
Subject: Re: What to do with attackers?
From: Jon Dowland <lists@alcopop.org>
Date: Fri, 4 Nov 2005 16:15:55 +0000
Message-id: <[🔎] 20051104161555.GJ18229@alcopop.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200511040930.30375.gene.heskett@verizon.net>
References: <[🔎] 436B4319.4010805@ares.dyndns.biz> <[🔎] 436B50E5.90005@ithacafreesoftware.org> <[🔎] 1131110985.2367.17.camel@localhost.localdomain> <[🔎] 200511040930.30375.gene.heskett@verizon.net>

On Fri, Nov 04, 2005 at 09:30:30AM -0500, Gene Heskett wrote:
> Sorry, I don't agree.  Rejecting the attackers packets just confirms
> that you are indeed there.

Unless you are rejecting all traffic on all ports (so that rules out any
server then) they'll know you are there anyway.

> 2 of those got past iptabes because they came from a verizon dns
> server I was using but had been kitted.  I send vz a nastygram, and
> they re-image the box till the next time.

I remember you writing this in a previous message. Quite an interesting
entry-vector!

-- 
Jon Dowland
http://jon.dowland.name/

Reply to:

Follow-Ups:
- Re: What to do with attackers?
  - From: Gene Heskett <gene.heskett@verizon.net>

References:
- What to do with attackers?
  - From: Thomas <jade@ares.dyndns.biz>
- Re: What to do with attackers?
  - From: Mitch Wiedemann <mitch@ithacafreesoftware.org>
- Re: What to do with attackers?
  - From: Rakotomandimby Mihamina <mihamina.rakotomandimby@etu.univ-orleans.fr>
- Re: What to do with attackers?
  - From: Gene Heskett <gene.heskett@verizon.net>

Prev by Date: Re: What to do with attackers?
Next by Date: Re: Getting Apache to transfer .sh file instead of trying to execute it as CGI
Previous by thread: Re: What to do with attackers?
Next by thread: Re: What to do with attackers?
Index(es):
- Date
- Thread