
Re: counteracting an attack?



:-> "Erich" == Erich Schubert <erich.schubert@mucl.de> writes:

    >> The goal is reached, bad guys stay out, but I'd prefer to somehow
    >> make portsentry check the data as well. I prefer to know if
    >> someone scanned my network. Most of the information can be read
    >> from the firewall logs, but it would require a big bunch of
    >> scripts (pretty much rewriting portsentry) to see the big picture
    >> with many scans.

    > For that I use logcheck and log as little as possible.

That's what I do, too, but I'd like to be able to set up something
more "real time", in the sense that I won't get to read nightly logs
until the morning after, and by that time the script kiddies already
are gone.




    > But I've stopped caring much about script kiddies scanning my network;
    > it happens too often and I can't do anything about it but log...

That's not true. If you have been scanned, you can always complain to
the provider of the abuser; if they receive more than one complaint,
hopefully they'll terminate his account. Having a script that does
half the work for you is a time saver in this case. You just have to
get the result of the script and mail it to the proper addresses
(which may be possible to do automatically, but not so easily, because
not every provider puts email addresses in the whois database).


    > Greetings,
    > Erich

Pf

-- 

-------------------------------------------------------------------------------
 Pierfrancesco Caci | ik5pvx | mailto:p.caci@tin.it  -  http://gusp.dyndns.org
  Firenze - Italia  | Office for the Complication of Otherwise Simple Affairs 
     Linux penny 2.4.1 #1 Sat Feb 3 20:43:54 CET 2001 i686 unknown
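
Added example, not part of the original message and not written by either poster: a sketch of the kind of script discussed above, which groups firewall log lines by source address and turns each multi-port scan into a plain-text evidence block for an abuse complaint. It assumes netfilter `LOG`-style lines (the thread does not say which firewall is in use); the sample lines, addresses, host name `fw`, the `min_ports` threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: abbreviated lines in the netfilter LOG format,
# using documentation address ranges. Not taken from any real log.
SAMPLE_LOG = """\
Feb  3 21:10:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=21 SYN
Feb  3 21:10:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22 SYN
Feb  3 21:10:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=80 SYN
Feb  3 21:10:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=23 SYN
Feb  3 21:10:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40004 DPT=25 SYN
Feb  3 21:10:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.5 PROTO=ICMP TYPE=8 CODE=0
Feb  3 21:10:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=80 SYN
Feb  3 21:10:05 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=40005 DPT=53
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def summarize(log_text, min_ports=4):
    """Group logged packets by source; keep sources that probed at least
    min_ports distinct (protocol, port) pairs, with first/last timestamps."""
    probes, span = defaultdict(set), {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "PROTO", "DPT"} <= f.keys():
            continue  # ICMP and non-firewall lines carry no DPT
        src, stamp = f["SRC"], line[:15]  # syslog timestamp is 15 chars
        probes[src].add((f["PROTO"], int(f["DPT"])))
        span[src] = (span.get(src, (stamp,))[0], stamp)
    return {s: {"ports": sorted(p), "first": span[s][0], "last": span[s][1]}
            for s, p in probes.items() if len(p) >= min_ports}

def complaint_body(src, info):
    """Plain-text evidence block to paste into a mail to the source's provider."""
    ports = ", ".join(f"{port}/{proto.lower()}" for proto, port in info["ports"])
    return (f"Source address: {src}\n"
            f"First seen: {info['first']}\nLast seen: {info['last']}\n"
            f"Distinct ports probed ({len(info['ports'])}): {ports}\n")

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(complaint_body(src, info))
```

Classic syslog timestamps carry neither year nor time zone, so add both by hand before sending the summary to a provider.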


