I know they have software that does this. I'm just not sure which one it is. Basically here's the scoop. I'm on a cable modem connection with Comcast. I have a firewall router and I run a firewall on CentOS as well. All the same, other computers (probably zombies or hackers) are attempting brute force attacks on a couple of ports on my computer. I've just sat and watched them for some time. Not thinking that much of it. But I'd like to actually do something about it and inform the ISPs of said computers that that computer is compromised or being used by a hacker. I know there is software out there that will monitor your logs, reverse trace the IP address, and contact the ISP saying that at X time on X day X IP address tried to brute force hack my machine. I guess it's one of those things where I'm sick of seeing it come up in my security log, so I'd like to start sending email to the ISPs to tell them to do their job and enforce their rules for all the Windoze users out there. But I don't want to take the time to do it manually. Any suggestions?
Preston
I know there is software out there that will monitor your logs, reverse trace the IP address, and contact the ISP saying that at X time on X day X IP address tried to brute force hack my machine. I guess it's one of those things where I'm sick of seeing it come up in my security log, so I'd like to start sending email to the ISPs to tell them to do their job and enforce their rules for all the Windoze users out there. But I don't want to take the time to do it manually. Any suggestions?
Take a look at http://www.dshield.org/
-jeff
Preston Crawford me@prestoncrawford.com wrote:
I have a firewall router
<OT-Comment> Is it a "Router" or a 'Ritter? http://thebs413.blogspot.com/2005/07/ritters-because-most-natpat-devices.htm... </OT-Comment>
and I run a firewall on CentOS as well.
Does either have an intrusion detection system (IDS) or some other form of real-time packet and/or non-real-time log analysis?
I guess it's one of those things where I'm sick of seeing it come up in my security log, so I'd like to start sending email to the ISPs to tell them to do their job and enforce their rules for all the Windoze users out there.
Well, most ISPs already have thin margins to work on. But yes, the larger providers should be contacted, especially when a major block of theirs is infected.
But I don't want to take the time to do it manually. Any suggestions?
I already saw someone mention DShield.ORG, which seems to be the most popular right now.
On more corporate networks with unused IPs, I like to use various port fakers that accept a SYN, but don't accept their ACK. That keeps the zombies tied up and busy, exponentially reducing the number of hosts they can attack.
Preston Crawford wrote:
I know they have software that does this. I'm just not sure which one it is. Basically here's the scoop. I'm on a cable modem connection with Comcast. I have a firewall router and I run a firewall on CentOS as well. All the same, other computers (probably zombies or hackers) are attempting brute force attacks on a couple of ports on my computer. I've just sat and watched them for some time. Not thinking that much of it. But I'd like to actually do something about it and inform the ISPs of said computers that that computer is compromised or being used by a hacker. I know there is software out there that will monitor your logs, reverse trace the IP address, and contact the ISP saying that at X time on X day X IP address tried to brute force hack my machine. I guess it's one of those things where I'm sick of seeing it come up in my security log, so I'd like to start sending email to the ISPs to tell them to do their job and enforce their rules for all the Windoze users out there. But I don't want to take the time to do it manually. Any suggestions?
Could you bend something like denyhosts.sf.net to do the job?
There is an EL4 package at http://centos.karan.org/el4/extras/stable/i386/RPMS/
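To make concrete what the original question asks for (watch the log, pick out the brute-forcers, draft the "at X time X IP tried to brute force my machine" mail) and what the denyhosts suggestion does (turn those IPs into /etc/hosts.deny entries), here is an added example in Python. It is not code from this thread and not denyhosts itself. The log lines are constructed in the CentOS /var/log/secure format using RFC 5737 documentation addresses; the year is assumed (syslog lines carry none), and the abuse mailbox is a labelled placeholder, since the real one has to come from the IP's whois record.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the CentOS /var/log/secure (syslog) format; this is
# not real traffic and the addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jul 14 03:12:01 gw sshd[2311]: Failed password for root from 203.0.113.5 port 52311 ssh2
Jul 14 03:12:03 gw sshd[2313]: Failed password for root from 203.0.113.5 port 52320 ssh2
Jul 14 03:12:05 gw sshd[2315]: Failed password for invalid user admin from 203.0.113.5 port 52331 ssh2
Jul 14 03:12:07 gw sshd[2317]: Failed password for invalid user oracle from 203.0.113.5 port 52340 ssh2
Jul 14 03:12:09 gw sshd[2319]: Failed password for root from 203.0.113.5 port 52355 ssh2
Jul 14 03:15:40 gw sshd[2330]: Failed password for preston from 198.51.100.7 port 40012 ssh2
Jul 14 03:15:51 gw sshd[2332]: Accepted password for preston from 198.51.100.7 port 40013 ssh2
Jul 14 03:20:00 gw sshd[2340]: Failed password for invalid user test from 192.0.2.9 port 6000 ssh2
"""

# One sshd failure line: syslog timestamp, host, process, then the failure text.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2005):
    """Group failed-login events by source IP: {ip: [(datetime, username), ...]}.
    syslog lines carry no year, so the caller supplies it (assumed 2005 here)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        events[m.group("ip")].append((ts, m.group("user")))
    return dict(events)


def find_offenders(events, threshold=3, window_seconds=600):
    """Return the set of IPs with at least `threshold` failures inside any
    `window_seconds` span, so one mistyped password does not get reported."""
    offenders = set()
    for ip, evs in events.items():
        times = sorted(t for t, _ in evs)
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds:
                offenders.add(ip)
                break
    return offenders


def hosts_deny_lines(offenders, service="sshd"):
    """TCP-wrappers entries of the kind denyhosts appends to /etc/hosts.deny."""
    return sorted(f"{service}: {ip}" for ip in offenders)


def abuse_report(ip, evs, abuse_contact="abuse@PLACEHOLDER-ISP.invalid"):
    """Draft the abuse mail for one source IP. The real abuse mailbox comes from
    the IP's whois record; the default here is a labelled placeholder."""
    evs = sorted(evs)
    first, last = evs[0][0], evs[-1][0]
    users = sorted({u for _, u in evs})
    lines = [
        f"To: {abuse_contact}",
        f"Subject: SSH brute-force attempts from {ip}",
        "",
        f"Between {first:%Y-%m-%d %H:%M:%S} and {last:%Y-%m-%d %H:%M:%S} (host clock, local time), "
        f"{ip} made {len(evs)} failed SSH logins against my system "
        f"(accounts tried: {', '.join(users)}). Log excerpt:",
    ]
    lines += [f"  {t:%b %d %H:%M:%S} Failed password for {u} from {ip}" for t, u in evs]
    return "\n".join(lines)


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    bad = find_offenders(failures)
    print("\n".join(hosts_deny_lines(bad)))
    for ip in sorted(bad):
        print()
        print(abuse_report(ip, failures[ip]))
```

Run against the sample, only 203.0.113.5 crosses the threshold (five failures in eight seconds); the single failure from 198.51.100.7 followed by a successful login is the legitimate user mistyping, and a sliding window is what keeps that address out of both hosts.deny and the outgoing mail. Replace SAMPLE_LOG with the contents of /var/log/secure and feed the report to your mailer of choice; the threshold and window are the two knobs worth tuning before anything is sent automatically.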