On Mon, 2005-08-08 at 09:25 -0500, Jason L Tibbitts III wrote:
>>>>> "JC" == Justin Conover
<justin.conover(a)gmail.com> writes:
JC> Is it stupid when someone is trying to get on your box, leaves the
JC> ip and has a website on that ip ;-)
Yes, but most of these hosts have been hacked and are just running
automated tools to find other hackable boxes.
To protect yourself, install denyhosts from extras, tune it to your
environment and enjoy the satisfaction of having these be blocked
automatically.
I hope to have an updated version of denyhosts checked into extras
soon.
That sounds like auto-shunning, a term that Dan Kaminsky, uses. You are
basically allowing the cracker add rules. Auto-shunning + IP Spoofing =
Nastiness. They could say spoof your default gateway, root dns servers,
the dns servers you use, etc. Then you automatically block those things
that you need access to. They can also do this to you so that they can
pretend to be you. They just get you to block the people that they want
to appear to you to. The reverse is also possible. They get you to block
your bank and then pretend to be your bank to phish you.
http://www.doxpara.com/Black_Ops_Of_TCPIP_2005.ppt