Security Basics mailing list archives
Re: Root kits and host.deny
From: Edward Krack <eddie_krack () yahoo com>
Date: Thu, 8 Dec 2005 20:09:26 -0800
Frynge.com Support:
1: Does anyone know without a firewall how to block an ip through the hosts.deny or any other secure method? is it ALL: 211.174.53.89 : DENY
You can use the "KNOWN" wildcard. A better way to block all services not explicitly defined is to make the last entry in hosts.allow ALL : ALL : DENY removing the need for a hosts.deny.
3: Also, do you have anywhere you can send ips like the above, to either report them, (i am going to report it to his isp he is in korea - but I am waiting to do things to him possibly)
Distributed Intrusion Detection System DShield.org
[root@oannes chkrootkit-0.46a]# ./chkrootkit -q Possible t0rn v8 \(or variation\) rootkit installed
Give rkhunter a gander. http://www.rootkit.nl/ Krack
Current thread:
- Strange found in apache error.log kc (Dec 05)
- Re: Strange found in apache error.log ascii (Dec 05)
- Re: Strange found in apache error.log Security (Dec 05)
- Re: Strange found in apache error.log Gaddis, Jeremy L. (Dec 06)
- Root kits and host.deny Frynge.com Support (Dec 08)
- Re: Root kits and host.deny Scott B (Dec 08)
- Re: Root kits and host.deny Jeff Davis (Dec 08)
- Re: Root kits and host.deny Edward Krack (Dec 12)
- Re: Root kits and host.deny Gaddis, Jeremy L. (Dec 12)
- Message not available
- Re: Root kits and host.deny Gaddis, Jeremy L. (Dec 13)
- <Possible follow-ups>
- Re: Strange found in apache error.log arron (Dec 05)
- RE: Strange found in apache error.log Miguel Dilaj (Dec 06)