[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mail relay attempts

On Wed, Aug 28, 2002 at 11:56:24AM +0200, Michael Renzmann wrote:
> Hi.
> Jones, Steven wrote:
> >Ive found port sentry really good for detecting port scans and then 
> >routeing
> >the return packets to no where.
> As an addition to that idea: would it be possible to cause similar 
> effects to HTTP-server worms with a modified tarpit? Maybe a modified 
> version of the kernel httpd: whenever a worm attack drops in the 
> response will be a normal website containing a bogus content (no 404), 
> coming over the line character by character with a huge delay. Comments?

 I remember hearing about people doing exactly that.  Maybe it was mentioned
on /. or the local LUG mailing list (http://nslug.ns.ca/).

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to: