Re: Have you been hacked by f*ck PoizonBOx?
On Mon, Jun 04, 2001 at 08:48:42PM +0200, Michelle Konzack wrote:
> Am 23:53 03.06.2001 +0200 hat Alson van der Meulen geschrieben:
> >
> >On Sun, Jun 03, 2001 at 09:09:02PM +0200, Michelle Konzack wrote:
> >> Hello back,
>
> >just nullroute aol, you won't miss much interesting traffic that way
> >;)
>
> Cool idea...
>
> >btw: 172.16.0.0-172.32.255.255 are non-routable ip's, so i guess
> >they're outside that range?
>
> I do not know, where the beginning is, but at ARIN I have gotten
> the information that AOL use IP's up to 172.192.255.255.
alm:~$ whois 172.16.0.0
IANA (IANA-BBLK-RESERVED)
Internet Assigned Numbers Authority
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
US
Netname: IANA-BBLK-RESERVED
Netblock: 172.16.0.0 - 172.31.255.255
this range is reserved for private, site local use
>
> >you could use something like snort and nullroute the ip's if snort
>
> What is snort ? - Never heared.
www.snort.org for more info, or apt-get install snort
apt-cache show snort to see a description
snort is a network intrusion detection system, can detect attacks and
stuff, there are some tools that can add an ipchains deny rule if an
alert is raised. look at snort.org, i guess it's in the contrib
section
>
> >gives an alert, but are you sure they're not ip spoofing?
>
> I have made a reverse lookup to the IP's.
they can sometimes spoof the source ip...
it can be quite painful if they spoof the ip so some other host will
be blocked, i.e. your isp's gateway, or even 127.0.0.1 if you don't
use rp_filter ;)
Cheers,
Alson
--
,-------------------------------------------.
> Name: Alson van der Meulen <
> Personal: alson@linuxfreak.nl <
> School: alson@gymnasiumleiden.nl <
`-------------------------------------------'
Nobody was using that file /vmunix, were they?
---------------------------------------------
Reply to: