|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Compromised Box -
From: John Crowhurst (FyreMoon
FYREMOON.NET)Date: Tue Oct 31 2000 - 22:09:55 CST
- Next message: Leonard Dupray: "Re: firewalls on single boxes ?"
- Previous message: Carlos Nilton (Bill): "Re: System User Shells"
- In reply to: Andrew Blogg: "Re: Compromised Box -"
- Next in thread: J C Lawrence: "Re: Compromised Box -"
- Reply: John Crowhurst: "Re: Compromised Box -"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> If you want to track and see if an attack happens again on this port, I
> would run something else on that port which simply closes the connection and
> states "Your attempt has been logged" and actually log the IP address date
> and time that a connection was made from.
There is a much crueler way of doing this, make the script print "segmentation
fault" and log his IP, and possibly his ident.
The hacker would think that his script has barfed. he might try again a few
times.
Telling the hacker that he is being logged serves very little purpose. You
want to catch him red handed.
Regards,
John Crowhurst
- Next message: Leonard Dupray: "Re: firewalls on single boxes ?"
- Previous message: Carlos Nilton (Bill): "Re: System User Shells"
- In reply to: Andrew Blogg: "Re: Compromised Box -"
- Next in thread: J C Lawrence: "Re: Compromised Box -"
- Reply: John Crowhurst: "Re: Compromised Box -"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]