[SGVLUG] Who is that knocking on my ports?
Bao Ha
bao at hacom.net
Mon Jan 12 18:09:09 PST 2009
I would just use the fail2ban package. Then, sit back and watch the
frustration building up on the other side.
One time there was a kid from Pakistan. I watched him tried 6 times, got
banned for 20 minutes, came back and tried again and again. I could image
him sitting in front of the computer, running a script for 12-16 hours
straight, went to sleep and tried again the next day. After 3 days, he did
not come back.
Bao
On Mon, Jan 12, 2009 at 5:50 PM, John E. Kreznar <jek at ininx.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "Emerson, Tom \(*IC\)" <Tom.Emerson at wbconsultant.com> writes:
>
> > 3) generate, in real time, an e-mail report of the breakin attempt --
> > one e-mail per attempt :)
>
> Another thing you can do is launch an nmap scan against the offending
> address. This has often enough led to prompt cessation of the attack
> that I think it's actually sometimes noticed on the other end in real
> time.
>
> - --
> John E. Kreznar jek at ininx.com 9F1148454619A5F08550 705961A47CC541AFEF13
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
>
> iD8DBQFJa/NnYaR8xUGv7xMRAhJ5AJ9xPKzW3kQakRcTpFPOqcajAjNTPgCeMop6
> yUVoPiqavO2LRrYdUb5DVic=
> =gCzM
> -----END PGP SIGNATURE-----
>
>
--
Best Regards.
Bao C. Ha
Hacom OpenBrick Distributor USA http://www.hacom.net
voice: (714) 564-9932
8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.sgvlug.net/pipermail/sgvlug/attachments/20090112/08d1d387/attachment.html
More information about the SGVLUG
mailing list