[CLUE-Talk] Preventing Hack Attempts before they Happen

R Frank rfrank at rfrank.net
Sat May 12 17:41:14 MDT 2001


On Sat, 12 May 2001 22:21:51 
"Jim Intriglia" <jimintriglia at hotmail.com> questioned:

> Would it make sense if all Clubies submitted their PortSentry (or other 
> security log info) that lists the IP address of crackers? My thinking is 
> that this list of known cracker IPs can be imported into PortSentry and 
> hosts.deny files, to avert an attack before it happens.

Wish I knew more about this.  I checked my logs and there are 88 different
IP addresses being blocked, most as a result of scans to port 111.  Am I
wrong in thinking that such scans are not evidence of a would-be hacker?
There is a burst of activity on May 7th against my port 119, and the
machine reported it went into "stealth listening mode" on that port
at that time.  But as far as which IP addresses to deny, I'm not sure 
which are real threats and which are innocuous port scans.

Roger Frank
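
Added example, not part of the original message: one way to get an overview of the kind of log described above is to tally, per source address, which ports it touched, and per port, how many distinct sources hit it. The syslog line layout is an assumption about PortSentry's `attackalert` format, and the sample lines and addresses are constructed (documentation ranges).

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog style PortSentry is assumed to use.
SAMPLE_LOG = """\
May  7 03:12:01 host portsentry[412]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 111
May  7 03:12:01 host portsentry[412]: attackalert: Host 192.0.2.10 has been blocked via wrappers with string: "ALL: 192.0.2.10"
May  7 09:40:13 host portsentry[412]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 119
May  7 09:40:15 host portsentry[412]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 111
May  7 09:40:19 host portsentry[412]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 143
May  8 11:02:44 host portsentry[412]: attackalert: Connect from host: 203.0.113.5/203.0.113.5 to TCP port: 111
"""

# Matches only the scan/connect alerts; "has been blocked" lines are skipped.
ALERT = re.compile(
    r"attackalert: .*? from host: \S+/(?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)

def summarize(log_text):
    """Return (ports touched per source, sources seen per port)."""
    by_source = defaultdict(set)
    by_port = defaultdict(set)
    for line in log_text.splitlines():
        m = ALERT.search(line)
        if not m:
            continue
        key = (m["proto"], int(m["port"]))
        by_source[m["ip"]].add(key)
        by_port[key].add(m["ip"])
    return dict(by_source), dict(by_port)

def multi_port_sources(by_source, min_ports=2):
    """Sources that touched at least min_ports distinct ports."""
    return sorted(ip for ip, ports in by_source.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    by_source, by_port = summarize(SAMPLE_LOG)
    for (proto, port), ips in sorted(by_port.items(), key=lambda kv: -len(kv[1])):
        print(f"{proto}/{port}: {len(ips)} distinct source(s)")
    print("touched several ports:", multi_port_sources(by_source))
```

The output is a sorting aid for reading the log, not a verdict on which addresses to deny.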


