Security Incidents mailing list archives
Re: scan log and subsequent response from the host's ISP
From: pauel () BALAKOVO RU (Pauel Loshkin)
Date: Mon, 10 Jul 2000 18:10:39 +0400
sigipp () wella com br wrote:
Hi, if so to reason, in short time all of domains will be blocked. It's no way! We should make a dynamic mechanism for struggle with wreckers. Do you have any ideas with?

Basically I already wrote about an idea about this. What about the following:

1. Accept a certain amount of scans.
2. If the amount of scans exceeds that, slow them down (put them in a lower priority queue) until the amount of scans again matches the acceptable maximum.
3. On amount of scans being under some minimum threshold, put them back into the normal priority queue. Or one step further to normality.

Should be no problem with newer Linux kernels. Cisco routers should have a similar option.
It's not a solution to this problem. The problem is not the scan, the problem is a provider who has no reaction to spam/scan/other destructive actions on the internet....

--
** The hedgehog is a proud bird, he does not fly without kick **
Pauel
System administrator
ICQ UIN 39596913 8990192
Phone (7-84570)-52525 (7-84570)-40658
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
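The three-step proposal quoted in the message above (accept, demote above a maximum, restore below a minimum), sketched as an added example that is not part of the original thread. The class name `ScanThrottle`, the thresholds, the window length and the sample probes are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class ScanThrottle:
    """Per-source hysteresis: demote above `high` probes per window,
    restore only once the rate has dropped below `low`."""

    def __init__(self, high=10, low=3, window=60.0):
        if low >= high:
            raise ValueError("low must be below high")
        self.high, self.low, self.window = high, low, window
        self.events = defaultdict(deque)  # source -> timestamps of recent probes
        self.demoted = set()              # sources in the low-priority queue

    def classify(self, src, now):
        """Record one probe from `src` at time `now`; return its queue."""
        q = self.events[src]
        q.append(now)
        while q and q[0] <= now - self.window:  # expire probes outside the window
            q.popleft()
        rate = len(q)
        if src in self.demoted:
            if rate < self.low:       # step 3: under the minimum, back to normal
                self.demoted.discard(src)
        elif rate > self.high:        # step 2: over the maximum, slow it down
            self.demoted.add(src)
        return "low" if src in self.demoted else "normal"  # step 1 otherwise


# Constructed sample: (source, timestamp in seconds). Addresses are from the
# documentation ranges, not from any real scan log.
SAMPLE = [
    ("192.0.2.7", 0), ("192.0.2.7", 1), ("192.0.2.7", 2), ("192.0.2.7", 3),
    ("198.51.100.9", 3), ("192.0.2.7", 4), ("192.0.2.7", 12), ("192.0.2.7", 30),
]


def replay(events, high=3, low=2, window=10.0):
    """Run the events through a fresh throttle and return the queue decisions."""
    throttle = ScanThrottle(high=high, low=low, window=window)
    return [throttle.classify(src, t) for src, t in events]


if __name__ == "__main__":
    for (src, t), queue in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>2} {src:<13} -> {queue}")
```

The probe at t=12 stays in the low-priority queue even though the rate is back at the maximum; the source is restored only after the rate falls under the minimum, which is what keeps a source from flapping between queues.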