Re: Root kits and host.deny



Frynge.com Support:

> 1: Does anyone know without a firewall how to block an ip through the
> hosts.deny or any other secure method?
>
> is it
> ALL: 211.174.53.89 : DENY

You can use the "KNOWN" wildcard.

A better way to block all services not explicitly defined is to make the last
entry in hosts.allow
ALL : ALL : DENY
removing the need for a hosts.deny.

> 3: Also, do you have anywhere you can send ips like the above, to either
> report them, (i am going to report it to his isp he is in korea - but I am
> waiting to do things to him possibly)

Distributed Intrusion Detection System
DShield.org

> [root@oannes chkrootkit-0.46a]# ./chkrootkit -q
> Possible t0rn v8 \(or variation\) rootkit installed

Give rkhunter a gander.
http://www.rootkit.nl/

Krack



Relevant Pages

  • ANSWER THE QUESTIONS KATHLEEN/TIME FOR TRUTH!
    ... You admit or deny that your kids were taken away by child services in ... Admit or deny that your convictions were never reversed, ... > for the false claim, helping to draw fire away from the White House, ... > According to a Bloomberg news agency report, ...
    (sci.med.diseases.lyme)
  • Re: ANSWER THE QUESTIONS KATHLEEN/TIME FOR TRUTH!
    ... > admit or deny? ... > Admit or deny that your convictions were never reversed, ... >> for the false claim, helping to draw fire away from the White House, ... >> According to a Bloomberg news agency report, ...
    (sci.med.diseases.lyme)
  • Webserver behind nat/ipfw
    ... I have been struggling for the last months now to run a webserver behind a firewall. ... $cmd 005 allow all from any to any via $lif1 ... # Allow out access to my ISP's Domain name server. ... # Deny all inbound traffic from non-routable reserved address spaces ...
    (freebsd-questions)
  • Re: Hacked
    ... >that is known as a port used by a trojan horse. ... I just started using NetWatchman. ... report hits automatically on your firewall. ...
    (comp.security.firewalls)
  • Re: Stealth is good?
    ... >> A default deny all stance ... >> isn't the same as 'stealth'. ... >> to detect that there's a firewall dropping these packets. ... >> RST packet or various ICMP codes for UDP/ICMP. ...
    (comp.security.firewalls)