> On Fri, 10 Aug 2001, Richard B. Johnson wrote:
> > I have about 20 megabytes of logs showing the machine being
> > attacked from inside our firewall. Each time an attack occurred,
> > I would firewall-out its phony IP address (ipchains). A few hours
> > later the cycle repeated with another phony IP address.
> Instead of trying to see WTF was going on and fixing the problem instead
> of symptoms? _Real_ smart... Or, at least, block everything except the boxen
> that have any business accessing it? You know, with explicit "accept" rules
> in the beginning of the chain with catch-all "reject" after them...
Or at least use something like portsentry. Suspicious packets? Block
first, ask questions later.