[CentOS] Defending againts simultanious attacks

Thu Feb 15 16:27:05 UTC 2007
Drew Weaver <drew.weaver at thenap.com>

I find it kind of odd that noone has come up with a 'RBL' for bots...

ISPs could easily receive routes via BGP from "some trusted source" that
has NULL routes for all of the 'infected' hosts which are attacking
people..

A few dozen honeypots and you would quickly have a large list of
infected hosts in which to ignore entirely.

-Drew 

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of chrism at imntv.com
Sent: Thursday, February 15, 2007 11:10 AM
To: CentOS mailing list
Subject: Re: [CentOS] Defending againts simultanious attacks

John R Pierce wrote:
> chrism at imntv.com wrote:
>> That doesn't really have much affect anymore.  The bad people are now

>> scanning high ports looking for any sshd (or other service) that's 
>> listening.
>>
>
>
> they aren't "people", they are virus/worms... blindly poking at ports 
> and trying the same lame list of passwords.
>
> you can't make them stop, unless you control the entire world... just 
> ignore the noise.


I think everyone on the list is aware of the automated nature of the
attacks.  And I *do* ignore the noise.

Cheers,
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos