[CLUE-Talk] Preventing Hack Attempts before they Happen
Kevin Cullis
kevincu at orci.com
Sat May 12 17:10:27 MDT 2001
Jim Intriglia wrote:
>
> Greetings All,
>
> After signing in this morning as /root, I noticed I had mail from Portsentry
> subj.: Active Attack Alert! PortSentry dispatched the cracker via
> hosts.deny entry... cool.
>
> A question..
>
> Would it make sense if all Clubies submitted their PostSentry (or other
> security log info) that lists the IP address of crackers? My thinking is
> that this list of known cracker IP's can be imported into PortSenty and
> host.deny files, to avert an attack before it happens.
>
> It would also be interesting to see where the majority of the attacks are
> coming from (via IP lookup, sam spade tools for the clever ones). As the
> list grows more comprehensive (from CLUEbis submissions), this might be a
> useful tool to keep members safe from crackers using known IP address to
> launch scans/attacks.
>
> Sound like a worthwhile endeavor? Anything like this available presently?
Maybe Kevin Fenzi might be interested in this info. It would be
interesting to see who is being hit across the CLUE "network" if there
are some similarities.
Kevin
More information about the clue-talk
mailing list