[ale] Kali linux
William Wylde
durtybill at gmail.com
Thu Jan 1 16:19:17 EST 2015
Raj:
Yes, I already use fail2ban on the box (you dhould have seen the number of
attempts before it was implemented). But thank you for your input. :-)
I probably do need to check that I've got all the latest patches for
apache, etc. though.
Jim:
I had, nor do I have any intent to violate the attacing boxes, merely sniff
around for connections to suspect ports, nmapping them, and possinly
mapping and turning in whole blocks of bot-nets at a time- rather than just
one ip at a time. I don't know whether that would be legal or not, it
really seems no more than what tracking cookies akready do to everybody
everyday. But, I guess I could set up a script that would read the logs
and send an automated email to whatever the "abuse" contact in a reverse
dns lookup would be. I'm abslutely sure that would be legal..
Just not as satisfying.
On Jan 1, 2015 9:37 AM, "Jim Kinney" <jkinney at jimkinney.us> wrote:
> I understand the frustration. However, the only legal recourse is to block
> those attempts at your server. Any retaliatory action is both illegal and
> will violate the ToS of every ISP. There is no such thing as an Internet
> Stand Your Ground law.
>
> That said, you can set up a honeypot system and redirect all attacks to
> it. Or setup longer and longer delays in your firewall rules so every
> connection attempt takes exponentially longer to get the response back.
>
> On December 31, 2014 11:06:27 PM EST, William Wylde <durtybill at gmail.com>
> wrote:
>>
>> I run a personal webserver on an isolated connection, and my logs reveal
>> hundreds of failed log- in attempts (particularly from china). Nmap of the
>> various ips reveal suspiciously open ports which make me think that the
>> attacks may be coming from a zombie-box. I intensely hate bot-nets, and
>> have developed a desire to track them and destroy as many as I can find-
>> whomever is running them, thus I have recently installed kali in an
>> openbox VM. Anybody have any experience with using kali in tracking and
>> destroying such nets?
>>
>> ------------------------------
>>
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
> --
> Jim Kinney
> Linux Systems Analyst
> Physicist/Brewer
> http://jimkinney.us
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150101/4d326dd0/attachment.html>
More information about the Ale
mailing list