This is why I use slackware - Slackware



Thread: This is why I use slackware

  1. Re: This is why I use slackware

    Hello, Grant,

    You wrote on 07.10.08:

    > Most abuse traffic I see here is more annoying than fending off
    > attacks, like: my web site has one form, so some script kiddies in NL
    > decide to hit the thing every few minutes for days on end



    From
    ecatel.net

    or from another dutch ISP?

    Best regards
    Helmut

    "Ubuntu" - an African word, meaning "Slackware is too hard for me".


  2. Re: This is why I use slackware

    On 07 Oct 2008 08:15:00 +0200, helmut@hullen.de (Helmut Hullen) wrote:

    >Hello, Grant,
    >
    >You wrote on 07.10.08:
    >
    >> Most abuse traffic I see here is more annoying than fending off
    >> attacks, like: my web site has one form, so some script kiddies in NL
    >> decide to hit the thing every few minutes for days on end

    >
    >
    >From
    > ecatel.net


    Yes.

    >Best regards
    >Helmut
    >

    You do need "-- " at the start of this line to mark start of .signature
    >"Ubuntu" - an African word, meaning "Slackware is too hard for me".


    Grant.
    --
    http://bugsplatter.id.au/

  3. Re: This is why I use slackware

    Hello, Grant,

    You wrote on 07.10.08:

    >>> Most abuse traffic I see here is more annoying than fending off
    >>> attacks, like: my web site has one form, so some script kiddies in
    >>> NL decide to hit the thing every few minutes for days on end


    >> From
    >> ecatel.net


    > Yes.


    That provider seems to be ignorant.
    One server calls my FAQ (phpMyFAQ) every 3 minutes, it always gets a
    "500" answer. Since more than 2 weeks.

    I have informed the provider every 3 days - no reaction. Now I have
    blocked it via ".htaccess".

    Best regards
    Helmut

    "Ubuntu" - an African word, meaning "Slackware is too hard for me".


  4. Re: This is why I use slackware

    Grant wrote:

    > Who'd run a telnet server these days?


    Not everything on the 'net is a personal computer. Some network devices
    still provide administrative access only via telnet.

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  5. Re: This is why I use slackware

    On Tue, 07 Oct 2008 20:05:48 +1100, Grant sprout:

    > On 07 Oct 2008 08:15:00 +0200, helmut@hullen.de (Helmut Hullen) wrote:

    ....
    >>Best regards
    >>Helmut
    >>

    > You do need "-- " at the start of this line to mark start of .signature
    >>"Ubuntu" - an African word, meaning "Slackware is too hard for me".

    >
    > Grant.


    Grant, you should by now know that it is not his .sig, there's no
    "-- " nor b0rken "--" prefix, it is just that he still believes that's the
    modern germ-am-english to say goodbye...

    ....or, maybe does he just mean "signware's too hard for me" ?-)


  6. Re: This is why I use slackware

    On 07 Oct 2008 18:12:42 GMT, Loki Harfagr wrote:

    >Grant, you should by now know that it is not his .sig, there's no
    >"-- " nor b0rken "--" prefix, it is just that he still believes that's the
    >modern germ-am-english to say goodbye...
    >
    >...or, maybe does he just mean "signware's too hard for me" ?-)


    Yup, I like "signware's too hard for me" )

    Grant.
    --
    http://bugsplatter.id.au/

  7. Re: This is why I use slackware

    On Tue, 7 Oct 2008 17:52:41 +0000 (UTC), Sylvain Robitaille wrote:

    >Grant wrote:
    >
    >> Who'd run a telnet server these days?

    >
    >Not everything on the 'net is a personal computer. Some network devices
    >still provide administrative access only via telnet.


    I've led a sheltered computing life, biggest machine I played on was
    SGI IRIX-64 box at uni. In final year I was on the thing from home
    hours/day as it was my (text) gateway to the world.

    On the other hand I used to work with microcontrollers with 1kB ROM
    and 32 bytes RAM (8048 family), and that RAM included registers and
    call stack (all of two levels). Fun stuff.

    Grant.
    --
    http://bugsplatter.id.au/

  8. Re: This is why I use slackware

    Grant wrote:

    > ... at the moment my firewall cannot be OS profiled by nmap (a friend
    > tried this recently) precisely because it does not do the default or
    > expected response to port scans.


    This matters because ... ?

    (Nmap gets the OS of my home gateway system wrong, probably because the
    systems it's natting and port-forwarding for aren't all the same ...)

    Remember, above all, obscurity != security. Someone who wants to break
    into your system may want to prioritize exploits to try, but giving them
    less information doesn't mean they won't still try; it means they'll
    try harder. It means they'll try stuff that isn't likely to work as
    well as the stuff that might (assuming you have a service available that
    might be subverted). At best, you buy yourself some time, but automated
    exploits have all the time in the world.

    If you take measures to properly secure your systems, however, including
    appropriate access control, you won't worry about whether the scanners
    can tell whether you're running Linux or not. You'll worry only when
    they set-off some form of intrusion detection you have.

    I'm not saying that you should publish your system's information in a
    readily accessible location, of course, but you might want to consider
    whether any true value is gained by attempting to hide information that
    can normally be detected programmatically.

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  9. Re: This is why I use slackware

    +Alan Hicks+ wrote:

    > The only real solutions to any computer problem are personal
    > education, and/or hiring some one who knows more than you do to fix
    > it.


    Agreed. Ironically, both tend to be considered too "expensive", or not
    considered at all by the upper layer of many organizations. :-(

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  10. Re: This is why I use slackware

    On Tue, 7 Oct 2008 19:21:11 +0000 (UTC), Sylvain Robitaille wrote:

    >Grant wrote:
    >
    >> ... at the moment my firewall cannot be OS profiled by nmap (a friend
    >> tried this recently) precisely because it does not do the default or
    >> expected response to port scans.

    >
    >This matters because ... ?


    It doesn't )

    >I'm not saying that you should publish your system's information in a
    >readily accessible location, of course, but you might want to consider
    >whether any true value is gained by attempting to hide information that
    >can normally be detected programmatically.


    Ah, but I do publish site's information
    http://bugsplatter.id.au/kernel/boxen/deltree/

    This discussion is good 'cos it clears the cobwebs from my thinking.

    I've changed from DROPs to (this is tail end of INPUT processing):

    # send any repeat offenders to jail
    iptables -A INPUT -p all -m recent --rsource --rcheck --name junk \
        --seconds $junk_limit_secs \
        --hitcount $junk_limit_hits \
        -m recent --rsource --name junk --remove -g gotojail
    iptables -A INPUT -p all -m recent --rsource --name junk --set

    # log and reject / drop junk
    iptables -A INPUT -p tcp -m conntrack --ctstate INVALID \
        $limit_rate_log "JLE:inp:drop invalid "
    iptables -A INPUT -p tcp -m conntrack --ctstate INVALID -j DROP

    iptables -A INPUT -p all $limit_rate_log "JLE:inp:drop junk "
    iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j REJECT
    iptables -A INPUT -p all -j DROP

    Grant.
    --
    http://bugsplatter.id.au/
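
An added example, not part of Grant's post or his firewall script: before enforcing the `recent` rule above, an existing log can be replayed to see which sources a given `junk_limit_secs` / `junk_limit_hits` pair would send to `gotojail`. The log lines, addresses and the function name `jail_candidates` are constructed for illustration, and the timestamp handling assumes all lines fall on one day.

```shell
#!/bin/sh
# Replays LOG lines carrying the "JLE:inp:drop junk " prefix in the same
# order as the rules in the post: --rcheck is evaluated first, --set second.
# If logging is rate limited, the counts here are a lower bound.

# Constructed sample kernel log (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Oct  8 09:00:01 fw kernel: JLE:inp:drop junk IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=23
Oct  8 09:00:05 fw kernel: JLE:inp:drop junk IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=25
Oct  8 09:00:09 fw kernel: JLE:inp:drop junk IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=80
Oct  8 09:00:12 fw kernel: JLE:inp:drop junk IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=2222
Oct  8 09:00:30 fw kernel: JLE:inp:drop invalid IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=TCP DPT=80
Oct  8 09:03:00 fw kernel: JLE:inp:drop junk IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=TCP DPT=80
Oct  8 09:06:00 fw kernel: JLE:inp:drop junk IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=TCP DPT=80
Oct  8 09:09:00 fw kernel: JLE:inp:drop junk IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=TCP DPT=80
Oct  8 09:12:00 fw kernel: JLE:inp:drop junk IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=TCP DPT=80
EOF
}

# jail_candidates SECS HITS: reads a log on stdin, prints "source times_jailed".
jail_candidates() {
    awk -v secs="$1" -v hits="$2" '
    /JLE:inp:drop junk / {
        src = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
        if (src == "") next
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        # --rcheck: count earlier hits from this source still inside the window
        recent = 0
        for (j = 1; j <= n[src]; j++) if (now - seen[src, j] <= secs) recent++
        if (recent >= hits) {       # first rule matches: --remove, -g gotojail
            jailed[src]++; n[src] = 0
            next
        }
        seen[src, ++n[src]] = now   # second rule: --set records this packet
    }
    END { for (s in jailed) print s, jailed[s] }' | sort
}

sample_log | jail_candidates 60 3
```

With a 60-second window only the burst from 192.0.2.10 qualifies; widening the window to 600 seconds also catches the source that returns every three minutes.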

  11. Re: This is why I use slackware

    On 07 Oct 2008 12:17:00 +0200, helmut@hullen.de (Helmut Hullen) wrote:

    >Hello, Grant,
    >
    >You wrote on 07.10.08:
    >
    >>>> Most abuse traffic I see here is more annoying than fending off
    >>>> attacks, like: my web site has one form, so some script kiddies in
    >>>> NL decide to hit the thing every few minutes for days on end

    >
    >>> From
    >>> ecatel.net

    >
    >> Yes.

    >
    >That provider seems to be ignorant.
    >One server calls my FAQ (phpMyFAQ) every 3 minutes, it always gets a
    >"500" answer. Since more than 2 weeks.
    >
    >I have informed the provider every 3 days - no reaction. Now I have
    >blocked it via ".htaccess".


    Well this morning my favourite script-kiddie from NL is back hitting
    http again, but their IP is in the deny list -- so they're not accessing
    the web server, I may let it in to see if the script has changed. After
    all, in response to the web form misuse by this s-k, I put in place some
    query validation stuff so I don't have the server wasting its time
    building a response to an idiot script. Only one valid looking query
    turned away 'cos his local time was way off.

    Grant.
    --
    http://bugsplatter.id.au/

  12. Re: This is why I use slackware

    On Tue, 6 Oct 2008, Mark Madsen wrote:

    >> Already stated my proof, not my problem it doesn't fit in with your
    >> fantasy, I also note you can't state why I should accept your word over a
    >> debian team members, but I thought as much, troll. Now **** off back to
    >> whatever rock you climbed from out of troll boi.

    >
    > Fascinating.


    Yeah I thought as much

    >


    --
    Cheers
    Res

    "The hopes we had, were much to high, way out of reach, but we have to
    try, no need to hide, no need to run, cause all the answers come one by
    one" -Freiheit

  13. Re: This is why I use slackware

    On Tue, 7 Oct 2008, Sylvain Robitaille wrote:

    > Grant wrote:
    >
    >> Who'd run a telnet server these days?

    >
    > Not everything on the 'net is a personal computer. Some network devices
    > still provide administrative access only via telnet.


    Yes, but who in their sane mind doesn't run ACLs on those devices


    --
    Cheers
    Res

    "The hopes we had, were much to high, way out of reach, but we have to
    try, no need to hide, no need to run, cause all the answers come one by
    one" -Freiheit

  14. Re: This is why I use slackware

    Res wrote:

    >> .... Some network devices still provide administrative access only
    >> via telnet.

    >
    > Yes, but who in their sane mind doesn't run ACLs on those devices


    Of course, but my point was simply in response to Grant's question.
    Keep in mind, though, that it seems some folks don't really know how to
    use access-control. If they could move the telnet server on their
    switches to a non-standard port, they likely would sooner do that than
    learn how to properly secure the devices ... ;-)

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  15. Re: This is why I use slackware

    On Thu, 9 Oct 2008, Sylvain Robitaille wrote:

    > Res wrote:
    >
    >>> .... Some network devices still provide administrative access only
    >>> via telnet.

    >>
    >> Yes, but who in their sane mind doesn't run ACLs on those devices

    >
    > Of course, but my point was simply in response to Grant's question.
    > Keep in mind, though, that it seems some folks don't really know how to
    > use access-control. If they could move the telnet server on their
    > switches to a non-standard port, they likely would sooner do that than
    > learn how to properly secure the devices ... ;-)


    Seen that a few times myself, kinda funny, one was moved from 25 to, get
    this, 80 ! hahaha that was clever, not like it'd ever be found, LOL


    --
    Cheers
    Res

    "The hopes we had, were much to high, way out of reach, but we have to
    try, no need to hide, no need to run, cause all the answers come one by
    one" -Freiheit

  16. Re: This is why I use slackware

    Res wrote:

    >> If they could move the telnet server on their switches to a
    >> non-standard port, they likely would sooner do that than learn how to
    >> properly secure the devices ...

    >
    > Seen that a few times myself, kinda funny, one was moved from 25 to,
    > get this, 80 ! ...


    My point exactly. I guess the thought process is along the lines of
    "no one will think to telnet there, and their web browsers won't find
    anything ..." Hrmmm... even 25 would be a bit of a disaster, of course
    .... ;-)

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  17. Re: This is why I use slackware

    On Fri, 10 Oct 2008, Sylvain Robitaille wrote:

    >> Seen that a few times myself, kinda funny, one was moved from 25 to,
    >> get this, 80 ! ...

    >
    > My point exactly. I guess the thought process is along the lines of
    > "no one will think to telnet there, and their web browsers won't find
    > anything ..." Hrmmm... even 25 would be a bit of a disaster, of course
    > ... ;-)


    yes, most common ones I've seen are 23,24,25,26,28,80,81,88,222,443,2222
    we used to have a residential plan type that prohibited servers and used
    to scan our customers often, you won't believe where I've seen http stuff
    on.

    --
    Cheers
    Res

    "The hopes we had, were much to high, way out of reach, but we have to
    try, no need to hide, no need to run, cause all the answers come one by
    one" -Freiheit
