> > > > I took a simpler approach.
> <<Snip>
> > > > 1. Setup iptables with the following
> > > >     iptables -A INPUT -i lo -j ACCEPT # this allows local loop
> > > >     interface to always work.
> > > > Most clients, #1 above is enough to block all attacks.
> <<snip>
> >
> > Great thread guys... I do have to say... once I realized what Rodolfo was
> > describing I had to laugh. Very clever! Great mechanism! May need to look
> > into it for my stuff...
> >
> > -Eucke
>
> I like the idea.. I might even take it a step beyond if I ever get any spare
> time. Just make the router send all ports I'm not using to a honeypot! Just
> have to get time to put one together... Any thoughts?
>
> Scott....

I have often wished I had the time. One thing I would like to do is set Apache up to feed the attempts to get at command.com to a fake shell that disparages the guy on the other end. Another is to reflect those 32k query strings back into the error page. And, since I'm a helpful sort of guy, it seems like it would be a worthwhile project to write an automatic script that would at least try to find the admin for 0wn3d boxes and send a warning e-mail.

If I had the time.

--
Joel <rees@xxxxxxxxxxx>