04.29.07
In Case You Were Wondering...
...how to configure a Linux firewall protecting a publicly-accessible (boundary, DMZ) network to detect worms' and attackers' scanning activity and react in real time to block and interfere with that scanning activity. A discussion of reporting tools and possible extensions is also included, with details for setting up an SMTP-only tarpit...
You need to skip on over here
My friend John D. Hardin needs his own blog.
Good Stuff!!!
Posted: 12:09 | Category: Technology | Pings: 0
Y'know, I was looking at some stuff like this, back in January when some assholes broke into my server. I found an old project that used GeoIP to firewall incoming traffic based on the source's geographical location. Imagine the security benefits of blocking out IPs from shithole countries like Brazil and Romania at the protocol level!
Even the very suggestion of implementing such a thing raised hackles all over the sandal-wearing sections of the open source community, and impassioned cries of racism. Naturally, I set it up immediately. Now, if I could just find that kernel module...
Blocking IP addresses by country is not too difficult. There are places that generate CIDR-format netblocks by country, and it wouldn't be difficult to write a firewall script that would parse file(s) containing that data and add discard rules.
There are a couple of tarpit scripts in http://www.impsec.org/~jhardin/antispam/ that I use on my hosted server to trap SMTP abusers and worm traffic. It's gratifying to see the reports of jerks that are wallowing around in the pit.
John,
Good stuff! Looking through your scripts, I can just imagine some of the lame-ass crap that gets stuck in the tar.
Identifying IP addresses by GEO isn't really the big problem. I did an anti-comment spam feature on my blog using the ip2cc python package, for example. What I haven't been able to figure out is a way to get that integrated into the firewall tables without just going through the list, and I doubt iptables was really designed with that in mind.
In the past 10 years I've only had 2 breakins on any of my servers (knock on wood), and both times they came in through BIND exploits. And both times they came from countries that had no business whatsoever contacting my machine in the first place, those being China (2001) and Brazil (2007). I don't want my machines even accepting *packets* from those places.
And man, am I tired of getting Google-searches like "SEXS BITCH" from Saudi Arabia. But then, when your blog's got a name like mine, you've got to expect that sort of thing :-/
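The kind of script John describes, and one answer to the "how do I get the list into the firewall tables" question in the follow-up, as an added example that is not from the page or from the impsec.org scripts: it parses a country netblock file (assumed format: one CIDR per line, `#` comments allowed) into an iptables-restore fragment, puts the DROP rules in a dedicated chain (the chain name COUNTRY_DROP is my assumption) so the whole list can be swapped out in one load, and skips malformed lines instead of letting one bad entry abort the load.

```shell
#!/bin/sh
# Added example (not from the page or the impsec.org scripts): turn a
# country netblock file (one CIDR per line, '#' comments) into an
# iptables-restore fragment. A dedicated chain lets the whole list be
# replaced atomically instead of editing INPUT rule by rule.

# Accept only a.b.c.d/nn with octets <= 255 and a prefix length <= 32.
valid_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1;
          if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1 }'
}

# Emit iptables-restore text: a fresh chain with one DROP per netblock,
# entered from INPUT only for new inbound connections.
gen_country_drop_rules() {
    file="$1"; chain="${2:-COUNTRY_DROP}"   # chain name is an assumption
    echo "*filter"
    echo ":$chain - [0:0]"
    echo "-A INPUT -m conntrack --ctstate NEW -j $chain"
    # Strip comments/whitespace/blank lines; warn on malformed entries
    # rather than let iptables-restore reject the entire load.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$file" |
    while IFS= read -r net; do
        if valid_cidr "$net"; then
            echo "-A $chain -s $net -j DROP"
        else
            echo "skipping malformed netblock: $net" >&2
        fi
    done
    echo "COMMIT"
}

# Number of DROP rules a file would produce; a cheap sanity check before loading.
count_drop_rules() {
    gen_country_drop_rules "$1" 2>/dev/null | grep -c -- '-j DROP'
}

# Constructed sample file (documentation ranges, not a real country list).
make_sample_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24   # trailing comment is fine
999.1.1.0/24     # bad octet, skipped with a warning
not-a-netblock
EOF
    echo "$f"
}
```

Pipe the output into `iptables-restore --noflush` (as root) to add the chain next to the existing rules; for lists running to thousands of netblocks, a hash-based set (ipset) scales far better than a linear chain like this one.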