OT - Firewall suggestion

Smart,Dan SmartD at VMCMAIL.COM
Thu Nov 11 23:03:05 GMT 2004


I suggest you run a Labrea, a sticky honeypot that slows down all scans with
it tarpitting tricks.  It will automatically find all unused IP addresses in
the local subnet, and answer for all these Ips, tarpitting all callers.

http://labrea.sourceforge.net/labrea-info.html

<<Dan>>




>  -----Original Message-----
>  From: MailScanner mailing list
>  [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steve Campbell
>  Sent: Thursday, November 11, 2004 3:50 PM
>  To: MAILSCANNER at JISCMAIL.AC.UK
>  Subject: Re: [MAILSCANNER] OT - Firewall suggestion
>
>  OK, so maybe I'm overly excited about a little of nothing.
>  For the most part, the no-logging takes care of most of
>  this. The DROP will happen next when I need it. Based on my
>  log files, it seemed a lot bigger than 11/sec, and it may
>  have been originally.
>
>  Anyways, thanks for all the great suggestions and help.
>
>  END OF THREAD
>
>  Steve Campbell
>
>
>  ----- Original Message -----
>  From: "Ugo Bellavance" <ugob at CAMO-ROUTE.COM>
>  To: <MAILSCANNER at JISCMAIL.AC.UK>
>  Sent: Thursday, November 11, 2004 4:08 PM
>  Subject: Re: OT - Firewall suggestion
>
>
>  > Steve Campbell wrote:
>  > > I agree. This  is what I was hoping the ISP could do,
>  and also maybe
>  > > do
>  a
>  > > little legal prompting/investigative work.
>  >
>  > For 11 packets/sec?  I doubt it, especially since it is
>  not all the
>  > same the same IP.  I think your best bet is DROP packets.
>  >
>
>  ------------------------ MailScanner list
>  ------------------------ To unsubscribe, email
>  jiscmail at jiscmail.ac.uk with the words:
>  'leave mailscanner' in the body of the email.
>  Before posting, read the MAQ
>  (http://www.mailscanner.biz/maq/) and the archives
>  (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).




More information about the MailScanner mailing list