Security Incidents mailing list archives

Re: scan log and subsequent response from the host's ISP


From: sigipp () WELLA COM BR (sigipp () WELLA COM BR)
Date: Mon, 10 Jul 2000 09:56:40 -0300


Hi,

If so to reason, in short time all of domains will be blocked. It's no way!
We should make a dynamic mechanism for struggle with wreckers.
Do you have any ideas?

Basically I already wrote about an idea about this. What about the following:

1. Accept a certain amount of scans.
2. If the amount of scans exceeds that, slow them down (put them in a lower
priority queue) until the amount of scans again matches the acceptable maximum.
3. On amount of scans being under some minimum threshold, put them back into the
normal priority queue. Or one step further to normality.

Should be no problem with newer Linux kernels. Cisco routers should have a
similar option.

Greetings
Siegfried Gipp
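
The three-step scheme from the message above, sketched as an added example (not code from the original post, nor the kernel or router feature it mentions): probes are counted per source over a sliding window, and each periodic evaluation moves a source one queue down or back up. The window length, threshold values, number of queue levels and all class and function names are assumptions; the traffic is constructed.

```python
from collections import defaultdict, deque

# Assumed values; the post names the thresholds but gives no numbers.
WINDOW = 60.0    # seconds of history counted per source
MAX_SCANS = 20   # step 2: above this, move one queue lower
MIN_SCANS = 5    # step 3: below this, move one queue back up
LOWEST = 3       # slow queues below normal (level 0 = normal priority)


class ScanThrottle:
    def __init__(self):
        self.seen = defaultdict(deque)  # source -> timestamps of recent probes
        self.level = defaultdict(int)   # source -> current queue level

    def observe(self, src, now):
        """Record one probe; return the queue level it should be served from."""
        self.seen[src].append(now)
        return self.level[src]

    def tick(self, now):
        """Periodic re-evaluation: demote or promote each source by one step."""
        for src, stamps in self.seen.items():
            while stamps and now - stamps[0] > WINDOW:
                stamps.popleft()          # forget probes outside the window
            count = len(stamps)
            if count > MAX_SCANS:
                self.level[src] = min(self.level[src] + 1, LOWEST)
            elif count < MIN_SCANS:
                self.level[src] = max(self.level[src] - 1, 0)
            # Between MIN and MAX the level is left alone (hysteresis),
            # so a source hovering near one threshold does not flap.


def simulate():
    """Constructed traffic: one noisy source, one quiet one, ticks every 30 s."""
    t = ScanThrottle()
    noisy, quiet = "198.51.100.7", "203.0.113.9"   # documentation addresses
    for s in range(30):
        t.observe(noisy, float(s))                 # 30 probes in 30 s
        if s % 3 == 0:
            t.observe(quiet, float(s))             # 10 probes in 30 s
    history = []
    for now in (30.0, 60.0, 90.0, 120.0):
        t.tick(now)
        history.append((t.level[noisy], t.level[quiet]))
    return history
```

The noisy source is demoted while its count stays above the maximum and climbs back one step per evaluation once its probes age out of the window; the quiet source never leaves the normal queue.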

