Re: [ANNOUNCE] protocol watcher
From: Justin Pryzby <justinpryzby(at)users.sourceforge.net>
Date: Thu May 22 2003 - 15:23:30 EDT

This is noted in the README. I have recommended that people use it only on dedicated "honeypots", or at least on client machines, rather than on mission-critical servers :) One can always use iptables --rate, but, like I said, I'm unable to test it very well atm. I think that, as written, synfloods are equivalent to fork bombs (very bad because now people don't even need a shell account); but it's on my list of things to do: make the accept() non-blocking, and if a response isn't heard within $TIME then log the attack, which is known to be a SYN attack! This both avoids the fork bomb and notifies the admin of the (special) attack. Non-SYN attacks are also bad, but the primary problem is disk access and disk space.

Please Cc: me,
On Thu, May 22, 2003 at 03:10:00PM +0000, Jerry Shenk wrote:
Received on Fri May 23 13:24:43 2003
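
Added example (not part of the original message, and not protocol watcher's own code): a C version of the design the message describes, with one process, a non-blocking accept() and a timeout on each accepted connection in place of a fork() per connection. The port number, the 5-second timeout and all function names are assumptions. accept() only returns connections whose handshake has completed, so the timeout flags peers that connect and then stay silent; half-open SYNs remain in the kernel's listen backlog and never reach this code.

```c
/* Added example: single-process watcher, no fork() per connection. */
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { PEER_SILENT = 0, PEER_SENT_DATA = 1, PEER_CLOSED = 2 };

/* Wait up to timeout_ms for the first bytes from an accepted peer. */
int wait_for_probe(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char buf[256];
    int r;
    do { r = poll(&p, 1, timeout_ms); } while (r < 0 && errno == EINTR);
    if (r == 0) return PEER_SILENT;          /* nothing heard within $TIME */
    if (r < 0) return PEER_CLOSED;           /* poll error: treat as gone */
    ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
    return n > 0 ? PEER_SENT_DATA : PEER_CLOSED;
}

/* Non-blocking listener on 127.0.0.1:port (loopback chosen for the example). */
int make_listener(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port),
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0 ||
        fcntl(fd, F_SETFL, O_NONBLOCK) < 0) { close(fd); return -1; }
    return fd;
}

int main(void) {
    static const char *label[] = { "silent past timeout", "sent data", "closed" };
    int lfd = make_listener(2323);           /* hypothetical port */
    if (lfd < 0) { perror("listener"); return 1; }
    for (;;) {
        struct pollfd p = { .fd = lfd, .events = POLLIN };
        if (poll(&p, 1, -1) <= 0) continue;
        int c = accept(lfd, NULL, NULL);     /* returns at once: O_NONBLOCK */
        if (c < 0) continue;                 /* EAGAIN: peer already gone */
        fprintf(stderr, "connection: %s\n", label[wait_for_probe(c, 5000)]);
        close(c);
    }
}
```

The loop handles one accepted peer at a time, so resource use stays bounded however many connections arrive; the others wait in the listen backlog until the current timeout expires.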