Re[2]: DOS attack


To Debian CZ/SK project discussion list <czdebian-l zavinac debian bod cz>
From Karel Peřan <peran zavinac volny bod cz>
Date Mon, 9 May 2005 07:32:32 +0200

Hello,
on 7 May 2005, 8:35:24, you wrote:

MS> ok.  

MS> at the moment I have scanlogd running on the server (which is not exactly
MS> what you want), but it is a daemon that watches TCP ports, and when something
MS> looks suspicious to it, a certain action can be taken.

MS> there is surely something capable of recording multiple requests from one IP
MS> within a short time -- then it is possible to block it, but I do not know a
MS> specific tool.

MS> m.

MS> On Fri, May 06, 2005 at 09:37:41AM +0200, deadly_hawk wrote:
>> yeah, I use iptables directly and made my own blacklist, but over time the
>> IPs changed
>> ----- Original Message ----- 
>> From: "Martin Slouf" <mar zavinac centrum bod cz>
>> To: "Debian CZ/SK project discussion list" <czdebian-l zavinac debian bod cz>
>> Sent: Friday, May 06, 2005 1:10 AM
>> Subject: Re: DOS attack
>> 
>> 
>> > if it is the same IPs, I would simply ban them in the firewall.
>> >
>> > personally I use shorewall 2.x and it has something called a 'blacklist'.
>> >
>> > if I add an IP to the blacklist, connections from it are dropped.
>> >
>> > more at http://www.shorewall.net and specifically at
>> > http://www.shorewall.net/blacklisting_support.htm
>> >
>> > m.
>> >
>> > On Thu, May 05, 2005 at 08:27:54PM +0200, deadly_hawk wrote:
>> > > Server version: Apache/2.0.54
>> > > and I have it limited to 50 clients; the point is that the web then does
>> > > not work for others, while the server itself is hardly affected by it
>> > >
>> > > apache conf :
>> > > # prefork MPM
>> > > # StartServers ......... number of server processes to start
>> > > # MinSpareServers ...... minimum number of server processes which are kept spare
>> > > # MaxSpareServers ...... maximum number of server processes which are kept spare
>> > > # MaxClients ........... maximum number of server processes allowed to start
>> > > # MaxRequestsPerChild .. maximum number of requests a server process serves
>> > > <IfModule prefork.c>
>> > > StartServers         5
>> > > MinSpareServers      5
>> > > MaxSpareServers     10
>> > > MaxClients          50
>> > > MaxRequestsPerChild  0
>> > > </IfModule>
>> > >
>> > >
>> > > ----- Original Message ----- 
>> > > From: "Damir Špoljarič" <admin zavinac pcsvet bod net>
>> > > To: "Debian CZ/SK project discussion list" <czdebian-l zavinac debian bod cz>
>> > > Sent: Thursday, May 05, 2005 6:46 PM
>> > > Subject: Re: DOS attack
>> > >
>> > >
>> > > > Well, a list. Most IPs in NIX have a reverse record in the cz domain. So
>> > > > allow access only from *.cz. Whether a range for NIX is published
>> > > > anywhere, I do not know ...
>> > > > In any case, limit the current possible number of open connections in Apache..
>> > > > May I ask which version of Apache you are using?
>> > > >
>> > > > deadly_hawk wrote:
>> > > >
>> > > > >And it also occurred to me whether there is a list of IPs somewhere so
>> > > > >that I could allow connections, say, only from CZ.
>> > > > >or at most the EU
>> > > > >
>> > > > admin zavinac pcsvet bod net
>> > > > icq: 258080801
>> > > > ------------------------------------------------ 
>> > > >
>> > > > ________________________________________________
>> > > > CZdebian-l maillist  -  CZdebian-l zavinac debian bod cz
>> > > > http://www.debian.cz/mailman/listinfo/czdebian-l
>> > > > E-mail (un)subscriptions: czdebian-l-request zavinac debian bod cz
>> > > >
>> > > > __________ Information from NOD32 1.1088 (20050504) __________
>> > > >
>> > > > This message was checked by the NOD32 antivirus system.
>> > > > http://www.nod32.cz

the portsentry tool comes to mind ;) not only does it watch for port scans but
also connections to them, it can even ban the attacker and, for example, send an e-mail.

-- 
Regards,
 Karel
 peran zavinac volny bod cz
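
The idea raised in the thread (noticing many requests from one IP within a short time, so that the address can then be blocked), as an added example that is not part of any message here: a sliding-window counter over Apache access-log lines. The log lines, the thresholds and the names `find_bursts` and `make_sample` are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Prefix of Apache common/combined log format: client, identity, user, [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def find_bursts(lines, max_requests=20, window_seconds=10):
    """Return {ip: peak count} for clients that sent more than max_requests
    within any sliding window of window_seconds (lines in time order)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ip, stamp = m.groups()
        try:
            ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        except ValueError:
            continue              # unparsable timestamp
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window_seconds:
            q.popleft()           # drop requests older than the window
        if len(q) > max_requests:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders

def make_sample():
    """Constructed log: one bursting client, one slow client, one bad line."""
    fmt = '%s - - [05/May/2005:20:%02d:%02d +0200] "GET / HTTP/1.1" 200 512'
    lines = [fmt % ("192.0.2.10", 27, i // 10) for i in range(30)]  # 30 hits in 3 s
    lines += [fmt % ("198.51.100.7", i, 0) for i in range(30)]      # 1 hit per minute
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    for ip, peak in sorted(find_bursts(make_sample()).items()):
        # Candidate for the firewall blacklist discussed in the thread
        print(f"{ip}: {peak} requests inside one window")
```

Because the result is keyed by the address currently misbehaving rather than by a fixed list, it does not go stale when the source IPs change; entries added to a firewall from it should still be expired after a while.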
