Re: What to do with attackers?

[Gene Heskett <gene.heskett@verizon.net>]

On Friday 04 November 2005 08:29, Rakotomandimby Mihamina wrote:
>> Have you considered setting up a firewall?  The best thing to do with
>> attackers is drop their packets.
>
>I dont aggree. Dorpping is not _the best_.
>He has the choice to REJECT or to DROP. It's a bit different.
>I'd vote for REJECTing.

Sorry, I don't agree.  Rejecting the attackers packets just confirms
that you are indeed there.  I'd much druther just be a black hole, a
bottomless bit bucket per sei.  I drop them with iptables, and I have
tcpwrappers and portsentry standing guard also.  Only 3 instances in 3
years have made it as far as having portsentry write a new hosts.deny
rule line.  2 of those got past iptabes because they came from a verizon
dns server I was using but had been kitted.  I send vz a nastygram, and
they re-image the box till the next time.

>--
>A powerfull GroupWare: CPS (http://www.cps-project.org)
>A powerfull CMS      : CPS (http://www.cps-project.org)
>opengroupware, SPIP, Plone, PhpBB, JetSpeed... are good.
>CPS is better.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.35% setiathome rank, not too shabby for a WV hillbilly
Free OpenDocument reader/writer/converter download:
http://www.openoffice.org
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.