[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Have you been hacked by f*ck PoizonBOx?

On Mon, Jun 04, 2001 at 08:48:42PM +0200, Michelle Konzack wrote:
> Am 23:53 03.06.2001 +0200 hat Alson van der Meulen geschrieben:
> >
> >On Sun, Jun 03, 2001 at 09:09:02PM +0200, Michelle Konzack wrote:
> >> Hello back,
> >just nullroute aol, you won't miss much interesting traffic that way
> >;)
> Cool idea...
> >btw: are non-routable ip's, so i guess
> >they're outside that range?
> I do not know, where the beginning is, but at ARIN I have gotten 
> the information that AOL use IP's up to

alm:~$ whois
   Internet Assigned Numbers Authority
   4676 Admiralty Way, Suite 330
   Marina del Rey, CA 90292-6695

   Netblock: -

this range is reserved for private, site local use
> >you could use something like snort and nullroute the ip's if snort
> What is snort ? - Never heared.
www.snort.org for more info, or apt-get install snort

apt-cache show snort to see a description

snort is a network intrusion detection system, can detect attacks and
stuff, there are some tools that can add an ipchains deny rule if an
alert is raised. look at snort.org, i guess it's in the contrib
> >gives an alert, but are you sure they're not ip spoofing?
> I have made a reverse lookup to the IP's.
they can sometimes spoof the source ip...

it can be quite painful if they spoof the ip so some other host will
be blocked, i.e. your isp's gateway, or even if you don't
use rp_filter ;)

> Name:           Alson van der Meulen      <
> Personal:       alson@linuxfreak.nl       <
> School:       alson@gymnasiumleiden.nl    <
Nobody was using that file /vmunix, were they?

Reply to: