Date: Thu, 20 Dec 2001 17:54:57 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: corecode <corecode@corecode.ath.cx>
Cc: Will Andrews <will@csociety.org>, kris@FreeBSD.ORG, will@FreeBSD.ORG, ports@FreeBSD.ORG
Subject: Re: cvs commit: ports/security Makefile ports/security/labrea Makefile distinfo pkg-comment pkg-descr pkg-plist ports/security/labrea/files patch-Makefile
Message-ID: <20011220175457.A70525@citusc17.usc.edu>
In-Reply-To: <20011220131632.18a81a81.corecode@corecode.ath.cx>; from corecode@corecode.ath.cx on Thu, Dec 20, 2001 at 01:16:32PM +0100
References: <200112190822.fBJ8MkE86981@freefall.freebsd.org> <20011219205113.D82898@citusc17.usc.edu> <20011220011710.C73815@squall.waterspout.com> <20011220131632.18a81a81.corecode@corecode.ath.cx>

On Thu, Dec 20, 2001 at 01:16:32PM +0100, corecode wrote:
> On Thu, 20 Dec 2001 01:17:10 -0500 Will Andrews <will@csociety.org> wrote:
>
> > On Wed, Dec 19, 2001 at 08:51:13PM -0800, Kris Kennaway wrote:
> > > > Log:
> > > > Add labrea 2.3, a defense mechanism against CodeRed.
> > >
> > > Does this really belong in the ports collection? I still get the
> > > occasional CodeRed hit on my webservers, but they're definitely in
> > > decline, and unless (until :) there are future vulnerabilities in the
> > > same IIS files this doesn't seem to have much utility.
> >
> > Maybe. It seems to be more generic than just protection against
> > CodeRed, but rather worms in general. But I'm just the guy who
> > reviewed the port and committed it. :-)
>
>
> actually LaBrea is no defense against CodeRed but it's a general tarpit.
> this means you let it run on free (unassigned) ip addresses (no need for
> another computer, just let it run) and it will grab all connection tries
> (which must be "illegal" (scans) because these ips are not assigned to
> computers) and hold them via setting window size to 0 (= "hold on, i'll
> get back to you"). this results in a minimal bandwidth usage (not more
> than 1k per several addresses iirc) but stops (or slows) the scanner.

OK, that makes sense - thanks for clarifying.

Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011220175457.A70525>
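
The holding behaviour corecode describes in the message above, as an added example (not part of the thread and not LaBrea's code): a bare SYN aimed at an unassigned address is answered with a SYN/ACK that advertises a TCP window of 0. The function names, the UNASSIGNED set and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration, and applying window 0 directly in the SYN/ACK is an assumption about how the hold is done.

```python
import ipaddress
import struct

# Constructed sample data: addresses in 192.0.2.0/24 that no host owns.
UNASSIGNED = {ipaddress.ip_address("192.0.2.50"), ipaddress.ip_address("192.0.2.51")}
SYN, ACK = 0x02, 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_segment(src, dst, sport, dport, seq, ack, flags, window) -> bytes:
    """Build a 20-byte, option-less TCP header with a valid checksum."""
    def header(csum):
        return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                           5 << 4, flags, window, csum, 0)
    # IPv4 pseudo-header: source, destination, zero, protocol 6, TCP length 20.
    pseudo = src.packed + dst.packed + struct.pack("!BBH", 0, 6, 20)
    return header(checksum(pseudo + header(0)))


def tarpit_reply(src, dst, segment: bytes, isn: int = 0x1000):
    """Return the SYN/ACK a tarpit would send for `segment`, or None to stay silent."""
    sport, dport, seq, _ack, _off, flags, _win, _csum, _urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    # Only bare SYNs aimed at addresses nobody owns are held.
    if dst not in UNASSIGNED or flags & (SYN | ACK) != SYN:
        return None
    # Complete the handshake but advertise window 0: the peer may not send
    # data and is left probing the window instead of moving on.
    return tcp_segment(dst, src, dport, sport, isn, (seq + 1) & 0xFFFFFFFF,
                       SYN | ACK, 0)


if __name__ == "__main__":
    scanner = ipaddress.ip_address("198.51.100.7")   # constructed scanner address
    target = ipaddress.ip_address("192.0.2.50")
    syn = tcp_segment(scanner, target, 40000, 80, 12345, 0, SYN, 65535)
    print(tarpit_reply(scanner, target, syn).hex())
```

The reply is a 20-byte TCP header only, which is why the per-connection traffic stays small.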