[SATLUG] ATT Thanks you
David Kowis
dkowis at shlrm.org
Mon Jan 8 12:16:02 CST 2007
Daniel J. Givens wrote:
> Most ISPs do not take immediate action on these sorts of things. If
> they did, they would be completely overwhelmed. Think about how big
> AT&T is and how many customers, commercial and residential, they have.
> If you had a smaller ISP, then the response time might be better, but
> it is AT&T.
>
> Since most of these attacks are from zombies, there isn't much that
> can be gained. Law enforcement isn't going to get involved and the
> customer whose system is attacking you MIGHT get their account
> temporarily suspended. If you were being DDoS'd, then they would
> probably work with you more, but then again, if you don't have a
> commercial account, you wouldn't get top priority unless it was
> affecting other customers.
>
> I get people constantly beating on my SSH, web, and FTP services. I
> used to report them to the ISP they came from (abuse at whatever.com),
> but rarely did I ever hear anything back so I stopped. If it's not
> something that is actually going to break your server, then make sure
> your system is up to date and ignore it. Dealing with the numerous
> botnets is all part of having a publicly accessible service. If they
> bother you too much, start adding iptables rules against them like
> others have already said.
>
I have this problem. The only really good solution is to use secure
software. Blacklisting IPs gets tedious and can result in a DDoS. I've
found that the TARPIT patch to the Linux kernel is lots of fun for
things like this. If you were to scan my IP (which is shlrm.org, btw),
every port would appear open. In reality, however, they're just being
tarpitted. It keeps alive the TCP connection with a window of 0.
Requires next to no resources, and really bogs down worms and port
scans. I find it quite nice :)
David
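
The zero-window behaviour described in the message above, approximated in user space as an added example (not part of the original message, and not the kernel TARPIT patch itself): a listener accepts a connection and never reads from it, and a client sends until the advertised window closes. The function names, the loopback address and the buffer sizes are assumptions of this example.

```python
import select
import socket

def start_tarpit(host="127.0.0.1", rcvbuf=2048):
    """Listener whose accepted connections are never read from."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Set before listen(): accepted sockets inherit the small receive buffer,
    # so the advertised window closes after only a few KB.
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
    srv.bind((host, 0))  # port 0 = any free port (assumption for the demo)
    srv.listen(16)
    return srv

def probe_tarpit(limit=64 * 1024 * 1024, quiet=0.5):
    """Play the scanner's side; return (bytes_queued, stalled, still_open)."""
    srv = start_tarpit()
    cli = socket.create_connection(srv.getsockname(), timeout=5)
    held, _ = srv.accept()  # hold the connection, never recv() from it
    cli.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 4096)
    cli.setblocking(False)
    sent, stalled = 0, False
    try:
        while sent < limit and not stalled:
            try:
                sent += cli.send(b"A" * 4096)
            except BlockingIOError:
                # Send buffer is full. If it stays unwritable for `quiet`
                # seconds, the peer's window is closed and the sender is
                # reduced to zero-window probes.
                _, writable, _ = select.select([], [cli], [], quiet)
                stalled = not writable
        # No pending socket error means the connection is still established.
        still_open = cli.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR) == 0
    finally:
        cli.close()
        held.close()
        srv.close()
    return sent, stalled, still_open

if __name__ == "__main__":
    queued, stalled, still_open = probe_tarpit()
    print(f"queued {queued} bytes, stalled={stalled}, open={still_open}")
```

Unlike this sketch, which lets a few kilobytes through before the window closes, the kernel target answers the handshake itself, so the tarpitting host spends next to nothing per connection.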