One day's catch...
Charles Stack
cstack@pil.net
Thu, 19 Jul 2001 22:43:29 -0400
Well, I guess iptrap works. Here's a list of today's catches on my home PC.
Anybody you know?
Chain BANNED (3 references)
target prot opt source destination
While iptrap isn't super sophisticated (it only catches straight TCP scans),
it's pretty clear there are lots of newbies out there who haven't discovered
the SYN or ACK attacks yet. It's pretty simple to configure and works with
iptables and ipchains. You can also have it run a script when a particular
port is hit.
Is there anything better out there (portsentry???) that can augment
iptables?
Charles
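
The mechanism the post describes, as an added sketch (not iptrap's code and not part of the original message): a userland decoy listener only sees peers whose TCP handshake completed, which is why straight connect scans are caught and half-open SYN probes are not. The function names, the allow-list and the loopback demo are assumptions; the BANNED chain name comes from the post, and the command is only built, never executed.

```python
import ipaddress
import socket

CHAIN = "BANNED"  # chain name as shown in the post
# Constructed allow-list: addresses that must never be banned (assumption).
ALLOW = [ipaddress.ip_network("192.0.2.0/24")]


def ban_command(addr, chain=CHAIN, allow=ALLOW):
    """Return the iptables argv that drops `addr`, or None if allow-listed."""
    ip = ipaddress.ip_address(addr)  # ValueError unless a literal IP address
    if any(ip in net for net in allow):
        return None
    # argv list, not a shell string, so the address is never shell-parsed
    return ["iptables", "-A", chain, "-s", str(ip), "-j", "DROP"]


def open_trap(host="127.0.0.1", port=0):
    """Bind a decoy listener; port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(5)
    s.settimeout(5)
    return s


def trap_once(listener, allow=ALLOW):
    """Accept one connection and return the ban command for its source.

    accept() returns only after the kernel has finished the three-way
    handshake, so a SYN-only probe never reaches this function.
    """
    conn, (peer, _port) = listener.accept()
    conn.close()
    return ban_command(peer, allow=allow)


def demo():
    """Loopback demo: one full connect to the decoy port yields one ban."""
    trap = open_trap()
    client = socket.create_connection(trap.getsockname())
    try:
        return trap_once(trap, allow=[])
    finally:
        client.close()
        trap.close()


if __name__ == "__main__":
    print(" ".join(demo()))
```

Catching half-open probes needs packet-level visibility (for example, logging rules in the firewall itself) rather than a listening socket.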