Date: Thu, 20 Dec 2001 13:16:32 +0100
From: corecode <corecode@corecode.ath.cx>
To: Will Andrews <will@csociety.org>
Cc: kris@FreeBSD.ORG, will@FreeBSD.ORG, ports@FreeBSD.ORG
Subject: Re: cvs commit: ports/security Makefile ports/security/labrea Makefile distinfo pkg-comment pkg-descr pkg-plist ports/security/labrea/files patch-Makefile
Message-ID: <20011220131632.18a81a81.corecode@corecode.ath.cx>
In-Reply-To: <20011220011710.C73815@squall.waterspout.com>
References: <200112190822.fBJ8MkE86981@freefall.freebsd.org> <20011219205113.D82898@citusc17.usc.edu> <20011220011710.C73815@squall.waterspout.com>

On Thu, 20 Dec 2001 01:17:10 -0500 Will Andrews <will@csociety.org> wrote:

> On Wed, Dec 19, 2001 at 08:51:13PM -0800, Kris Kennaway wrote:
> > >   Log:
> > >   Add labrea 2.3, a defense mechanism against CodeRed.
> >
> > Does this really belong in the ports collection?  I still get the
> > occasional CodeRed hit on my webservers, but they're definitely in
> > decline, and unless (until :) there are future vulnerabilities in the
> > same IIS files this doesn't seem to have much utility.
>
> Maybe.  It seems to be more generic than just protection against
> CodeRed, but rather worms in general.  But I'm just the guy who
> reviewed the port and committed it.  :-)

actually LaBrea is no defense against CodeRed but it's a general tarpit.
this means you let it run on free (unassigned) ip addresses (no need for
another computer, just let it run) and it will grab all connection tries
(which must be "illegal" (scans) because these ips are not assigned to
computers) and hold them via setting window size to 0 (= "hold on, i'll
get back to you"). this results in a minimal bandwidth usage (not more
than 1k per several addresses iirc) but stops (or slows) the scanner.

i hope this cleared up

cheerz
  corecode

--
/"\  http://corecode.ath.cx/
\ /
 \   ASCII Ribbon Campaign
/ \  Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011220131632.18a81a81.corecode>
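
The hold described in the message above, sketched as an added example that is not part of the original e-mail and is not LaBrea's own code: a connection attempt to an unassigned address is answered with a SYN/ACK whose advertised window is 0, while assigned addresses are left alone. The function names, the documentation-range addresses, the fixed sequence number and the exact shape of the reply are assumptions made for illustration.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10
TCP_HDR = "!HHIIHHHH"  # sport, dport, seq, ack, offset+flags, window, checksum, urgent
ASSIGNED = {"192.0.2.10", "192.0.2.11"}  # constructed: addresses owned by real hosts

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))

def tarpit_reply(src, dst, segment, assigned=ASSIGNED, our_isn=0x1000):
    """Return the 20-byte TCP header to answer with, or None to stay silent."""
    if dst in assigned or len(segment) < 20:
        return None  # a real host owns this address, or the segment is truncated
    sport, dport, seq, _, off_flags, _, _, _ = struct.unpack(TCP_HDR, segment[:20])
    if off_flags & 0x3F != SYN:
        return None  # only an initial connection attempt gets an answer
    # Swap the ports, acknowledge the SYN, advertise a receive window of 0:
    # the peer's TCP stack now waits for a window update that never comes.
    hdr = struct.pack(TCP_HDR, dport, sport, our_isn, (seq + 1) & 0xFFFFFFFF,
                      (5 << 12) | SYN | ACK, 0, 0, 0)
    csum = checksum(pseudo_header(dst, src, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def sample_syn() -> bytes:
    """Constructed SYN from port 40000 to port 80, seq 1000 (inbound checksum not checked)."""
    return struct.pack(TCP_HDR, 40000, 80, 1000, 0, (5 << 12) | SYN, 65535, 0, 0)

if __name__ == "__main__":
    reply = tarpit_reply("198.51.100.7", "192.0.2.50", sample_syn())
    print("window advertised:", int.from_bytes(reply[14:16], "big"))
```
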