Re:RV: How to stop zombie scanners?

From: Nick Edens (nedens@checkerdist.com)
Date: 10/18/01

• Previous message: Deon Grobler: "IPspoof in firewall logs"
• In reply to: Sergio Erazo: "RV: How to stop zombie scanners?"
• Next in thread: virtualphil: "Re: Re:RV: How to stop zombie scanners?"
• Reply: virtualphil: "Re: Re:RV: How to stop zombie scanners?"
• Reply: R.H. Cotterell: "Re:RV: How to stop zombie scanners?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: security-basics@securityfocus.com
From: "Nick Edens" <nedens@checkerdist.com>
Date: 18 Oct 2001 13:02:00 -0400
Subject: Re:RV: How to stop zombie scanners?
Message-Id: <JA8AAAAAABktSgABYQABVF9A4NhU@checkerdist.com>

Are there any legal actions that can be taken. I have the same problem. In fact
the most recent ip address that has been attacking me was from some fortune 500
IT consultanting company. I would think there should be some room for recourse
due to neglect. What do you all think?

- Nick Edens
  Checker Distributors

Sergio Erazo (10/16/01 5:14 PM):
>Hi,
>
>Seems like the Right Thing to do...
>
>http://hogwash.sourceforge.net/
>
>
>Sergio Erazo
>
>-----Mensaje original-----
>De: Sergio Erazo [mailto:sergio.erazo@sonda.com.ec]
>Enviado el: Lunes 8 de Octubre de 2001 11:37
>Para: security-basics@securityfocus.com
>Asunto: How to stop zombie scanners?
>
>Hi,
>
>I've set up a Linux box running snort a couple days ago. It's connected to
>the public side (Internet)of our network. During this time, the log files
>show *a lot* (80+) of zombie hosts trying to break into our servers, mostly
>with IIS attacks (cmd.exe, Code Red v2, others). Tried LaBrea, the problem
>is that we don't have any free IP address for this.
>
>Here are my questions:
>
>1. Do you know of any tool that can help preventing the flood that zombies
>are sending into?
>
>2. Does the zombie traffic affects the total bandwidth of my Internet
>connection? (MRTG shows a sustained use of 10-18Kbps...)
>
>Any help will be vastly appreciated.
>
>Sergio Erazo
>Systems Support
>SONDA

---

• Previous message: Deon Grobler: "IPspoof in firewall logs"
• In reply to: Sergio Erazo: "RV: How to stop zombie scanners?"
• Next in thread: virtualphil: "Re: Re:RV: How to stop zombie scanners?"
• Reply: virtualphil: "Re: Re:RV: How to stop zombie scanners?"
• Reply: R.H. Cotterell: "Re:RV: How to stop zombie scanners?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re:RV: How to stop zombie scanners? ... Subject: RV: How to stop zombie scanners? ... >>Sergio Erazo ... Do you know of any tool that can help preventing the flood that zombies ... (Security-Basics) Re: Re:RV: How to stop zombie scanners? ... Subject: RV: How to stop zombie scanners? ... >Sergio Erazo ... Do you know of any tool that can help preventing the flood that zombies ... (Security-Basics) RV: How to stop zombie scanners? ... Subject: RV: How to stop zombie scanners? ... Do you know of any tool that can help preventing the flood that zombies ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2001-10