Date: Fri, 9 Oct 2009 15:38:36 -0700 (PDT) From: Aflatoon Aflatooni <aaflatooni@yahoo.com> To: freebsd-questions@freebsd.org Subject: Re: Security blocking question Message-ID: <493986.15275.qm@web56204.mail.re3.yahoo.com> In-Reply-To: <20742_1255125211_4ACFB0DB_20742_1553_2_70C0964126D66F458E688618E1CD008A08CCED3B@WADPEXV0.waddell.com> References: <526808.11391.qm@web56207.mail.re3.yahoo.com> <6201873e0910091448h46c13ce4h2e9df8920a8fe27a@mail.gmail.com> <20742_1255125211_4ACFB0DB_20742_1553_2_70C0964126D66F458E688618E1CD008A08CCED3B@WADPEXV0.waddell.com>
next in thread | previous in thread | raw e-mail | index | archive | help
=0A=0A=0A=0A----- Original Message ----=0A> From: Gary Gatten <Ggatten@wadd= ell.com>=0A> To: Adam Vande More <amvandemore@gmail.com>; Aflatoon Aflatoon= i <aaflatooni@yahoo.com>=0A> Cc: freebsd-questions@freebsd.org=0A> Sent: Fr= i, October 9, 2009 5:53:10 PM=0A> Subject: RE: Security blocking question= =0A> =0A> I might also add, if it's only a handful that have legitimate acc= ess=0A> requirements, maybe black hole all ip's from locations (countries, = etc.)=0A> they'll never be in.=A0 We see a lot of bad traffic from well, ce= rtain=0A> countries and we simply null route them.=A0 Or if I feel like pla= ying a=0A> bit I'll route them to a tar-pit and honey pot just to see what = they do.=0A> Pretty entertaining sometimes! :)=0A> =0A> =0A=0AMy experience= has been that honeypot is good to catch internal hackers. =0AI have also n= oticed that we get dictionary attacks from zombies in North America. I have= managed to capture a Perl script that they use and it just retransmits the= command from the IP of the server that have the Perl script installed.=0A= =0A=0A
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?493986.15275.qm>