02 Oct 16 00:57, you wrote to Robert Wolfe:
JK> I check my logs often, and when I see idiots hitting the (always <g>)
JK> telnet server, first I put them in bbbs's inet.bbb, then I let
JK> iptables take care of it...
i do similar with my IDS/IPS setup... except i don't put them in anything...
they put themselves in the block because they are exhibiting an attack and
triggering at least one IDS/IPS rule...
JK> I've noticed INTENSE swarming of jerks on the telnet and also HTTP
JK> server here :(
when they connect, do they immediately start emitting text that consists of a
user name, password and then a specific sequence of commands?? the specific
sequence of commands is what i'm interested in... my frontdoor records them as
DFRS (Data From Ring Signal) because they just start emitting these items... if
your logging records this information, please respond in private so as to not
further alert the skidiots to the fact they are being noticed and tracked...
)\/(ark
Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... A stupid stunt has taken on seemingly epic reactionary proportions.
---
* Origin: (1:3634/12.73)