[ale] Kali linux

Justin Goldberg justgold79 at gmail.com
Thu Jan 1 18:44:17 EST 2015


I've seen on the nmap mailing list how to scan through Tor using
proxychains. I've also seen methods that use torproxy.

The only issue is that there is no UDP support with Tor. I2P _may_ support
UDP scanning, but I haven't looked into that.

On Jan 1, 2015 4:22 PM, "William Wylde" <durtybill at gmail.com> wrote:


Raj:
Yes, I already use fail2ban on the box (you should have seen the number of
attempts before it was implemented). But thank you for your input. :-)
I probably do need to check that I've got all the latest patches for
apache, etc. though.

Jim:
I had not, nor do I have, any intent to violate the attacking boxes, merely sniff
around for connections to suspect ports, nmapping them, and possibly
mapping and turning in whole blocks of bot-nets at a time, rather than just
one IP at a time. I don't know whether that would be legal or not, it
really seems no more than what tracking cookies already do to everybody
every day. But, I guess I could set up a script that would read the logs
and send an automated email to whatever the "abuse" contact in a reverse
DNS lookup would be. I'm absolutely sure that would be legal.

Just not as satisfying.

On Jan 1, 2015 9:37 AM, "Jim Kinney" <jkinney at jimkinney.us> wrote:

> I understand the frustration. However, the only legal recourse is to block
> those attempts at your server. Any retaliatory action is both illegal and
> will violate the ToS of every ISP. There is no such thing as an Internet
> Stand Your Ground law.
>
> That said, you can set up a honeypot system and redirect all attacks to
> it. Or set up longer and longer delays in your firewall rules so every
> connection attempt takes exponentially longer to get the response back.
>
> On December 31, 2014 11:06:27 PM EST, William Wylde <durtybill at gmail.com>
> wrote:
>>
>> I run a personal webserver on an isolated connection, and my logs reveal
>> hundreds of failed log-in attempts (particularly from China). Nmap of the
>> various IPs reveals suspiciously open ports which make me think that the
>> attacks may be coming from a zombie-box. I intensely hate bot-nets, and
>> have developed a desire to track them and destroy as many as I can find,
>> whomever is running them, thus I have recently installed Kali in an
>> openbox VM. Anybody have any experience with using Kali in tracking and
>> destroying such nets?
>>
>> ------------------------------
>>
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
> --
> Jim Kinney
> Linux Systems Analyst
> Physicist/Brewer
> http://jimkinney.us
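The script William describes (read the logs, then draft a report for the abuse contact), as an added example that is not part of the original thread. It assumes OpenSSH-style `auth.log` lines, since the thread does not say which service or log format is involved; the sample lines are constructed, and every function name and the placeholder address are hypothetical. Looking up the abuse contact and sending the mail are left to the operator.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH auth.log style (documentation addresses).
SAMPLE_LOG = """\
Jan  1 03:12:01 web sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  1 03:12:04 web sshd[2101]: Failed password for root from 203.0.113.7 port 40113 ssh2
Jan  1 03:12:09 web sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan  1 03:15:40 web sshd[2110]: Failed password for invalid user test from 203.0.113.52 port 51822 ssh2
Jan  1 04:01:13 web sshd[2150]: Accepted publickey for bill from 192.0.2.10 port 50022 ssh2
Jan  1 04:20:55 web sshd[2161]: Failed password for bill from 198.51.100.23 port 33910 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def failed_by_source(log_text):
    """Map source IP -> list of (timestamp, username) for failed logins."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            ip = ipaddress.ip_address(m["ip"])  # drop malformed addresses
        except ValueError:
            continue
        hits[str(ip)].append((m["ts"], m["user"]))
    return dict(hits)

def by_block(hits, prefix=24):
    """Group offending IPv4 sources by network block."""
    blocks = defaultdict(set)
    for ip in hits:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        blocks[str(net)].add(ip)
    return {net: sorted(ips) for net, ips in blocks.items()}

def draft_report(ip, events, abuse_contact="abuse@example.invalid"):
    """Build the text of an abuse report; the contact here is a placeholder."""
    head = [f"To: {abuse_contact}", f"Subject: Failed login attempts from {ip}", "",
            f"{len(events)} failed SSH logins from {ip} (server local time):"]
    return "\n".join(head + [f"  {ts}  user={user}" for ts, user in events])

if __name__ == "__main__":
    for ip, events in failed_by_source(SAMPLE_LOG).items():
        print(draft_report(ip, events), end="\n\n")
```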