[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
LaBrea -- WAS: under attack :-)
> this is not an attack, per se. it's machines infected with the nimda or
> code red worms, looking to see if you're running IIS.
[snip]
> if you want to have a little fun (fsvo fun), allow incoming traffic on
> port 80 and run (you'll have to do this as root, to bind to port 80):
>
> nc -v -l -p 80
>nc is netcat - google for it.
> mulix
People,
Being sick and tired of these worms probing my networks (hundreds per day),
I searched for solutions and found this:
http://www.hackbusters.net/LaBrea/LaBrea.html
>From the page:
"LaBrea is a program that creates a tarpit or, as some have called it, a
"sticky honeypot". LaBrea takes over unused IP addresses on a network and
creates "virtual machines" that answer to connection attempts. LaBrea
answers those connection attempts in a way that causes the machine at the
other end to get "stuck", sometimes for a very long time."
What do you people think about this program? Can it really be effective?
Pros and cons?
TIA
Henry
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il