[CentOS] Defending againts simultanious attacks

Thu Feb 15 21:15:40 UTC 2007
Walt Reed <wreed at vinq.com>

There is for ssh.


Denyhosts has a syncronization mode where you can share info back to the
community.


http://denyhosts.sourceforge.net/

See the faq for sync mode.


On Thu, Feb 15, 2007 at 11:27:05AM -0500, Drew Weaver said:
> I find it kind of odd that noone has come up with a 'RBL' for bots...
> 
> ISPs could easily receive routes via BGP from "some trusted source" that
> has NULL routes for all of the 'infected' hosts which are attacking
> people..
> 
> A few dozen honeypots and you would quickly have a large list of
> infected hosts in which to ignore entirely.
> 
> -Drew 
> 
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of chrism at imntv.com
> Sent: Thursday, February 15, 2007 11:10 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] Defending againts simultanious attacks
> 
> John R Pierce wrote:
> > chrism at imntv.com wrote:
> >> That doesn't really have much affect anymore.  The bad people are now
> 
> >> scanning high ports looking for any sshd (or other service) that's 
> >> listening.
> >>
> >
> >
> > they aren't "people", they are virus/worms... blindly poking at ports 
> > and trying the same lame list of passwords.
> >
> > you can't make them stop, unless you control the entire world... just 
> > ignore the noise.
> 
> 
> I think everyone on the list is aware of the automated nature of the
> attacks.  And I *do* ignore the noise.
> 
> Cheers,
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

-- 
Walt Reed
wreed at vinq.com
Office: 207-753-7333
Cell: 207-577-0699
http://www.vinq.com