[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IIS worms and apache



On Tue, 10 Aug 2004 20:50:13 +1000, Russell Coker writes:
>Maybe the thing to do would be to write a server that establishes the HTTP 
>protocol and then sets the TCP window size to zero (to tar-pit connections).  
>Such a server program could listen on every IP address that's not used for a 
>real web server and tie up resources on the zombie machines without wasting 
>space in log files.

Why limit yourself to HTTP?

http://packages.debian.org/testing/net/labrea
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
a "sticky" honeypot and IDS

LaBrea takes over unused IP addresses, and creates virtual servers that
 are attractive to worms, hackers, and other denizens of the Internet.
 The program answers connection attempts in such a way that the machine
 at the other end gets "stuck", sometimes for a very long time. 
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

cheers,
&rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <rw@coretec.at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /


Attachment: pgpJC9yxH0dXn.pgp
Description: PGP signature


Reply to: