Re: [Nolug] Tons of DHCPREQUEST messages in syslog

From: Ron Johnson <ron.l.johnson_at_home.com>
Date: Tue, 8 Jan 2002 21:33:44 -0600
Message-Id: <20020109033351.DSAQ16463.femail7.sdc1.sfba.home.com@there>

On Tuesday 08 January 2002 09:14 pm, HSI System Engineer wrote:
> We can't open some of these ports as some users aren't savvy enough
> to not open attachments they shouldn't. Alla, Minda, etc...

Doesn't Linux have a "dynamic port monitor", so that if it sees
an IP address trying to hack in, it adds that address to
the DENY list?

Do something like that for port 80. If you see a cox.net IP
address running IIS that is sending out a storm of packets with
the appropriate "virus" signature, block that address' port 80.
Other heuristics, like high, continuous outbound traffic on the
popular ports, could also be triggers for targeted port blocking.

Then, leave the rest of us in peace to behave responsibly.

Of course, Ted Kennedy will stop drinking before something like
that would be implemented by a mega ISP...

> On 1/8/02 3:02 PM, "Ron Johnson" <ron.l.johnson@home.com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Tuesday 08 January 2002 01:51 pm, Jerald Sheets wrote:
> >> It hides *COX's* problem, not mine. (Present company excepted, of
> >> course) but Cox needs to get a handle on their administration.
> >> The whole reason I *HAVE* a firewall is their lack of management
> >> of their own network.
> >
> > What do you mean? The only big thing I see in my syslog is
> > 24.4.96.74, and one of Scott's posts says it's vital.
> >
> > I wish in some ways they'd manage less, say, like opening ports
> > 80 & 25...
> >
> >> -----Original Message-----
> >> From: owner-nolug@patientcarerx.com
> >> [mailto:owner-nolug@patientcarerx.com] On Behalf Of Ron Johnson
> >> Sent: Tuesday, January 08, 2002 12:53 PM
> >> To: nolug@patientcarerx.com
> >> Subject: Re: [Nolug] Tons of DHCPREQUEST messages in syslog
> >>
> >> On Tuesday 08 January 2002 11:48 am, Jerald Sheets wrote:
> >>> Sorry..I assumed a certain setup.
> >>>
> >>> I assumed the machine being used as a DHCP server for a private
> >>> network on eth1 while your eth0 is connected to the cable modem.
> >>> It is possible that you may need to tweak your syslog to not log
> >>> dhcp requests.
> >>
> >> That just hides the symptom, not resolves the issue.
> >
> > [snip]

- --
+------------------------------------------------------------+
| Ron Johnson, Jr. Home: ron.l.johnson@home.com |
| Jefferson, LA USA http://ronandheather.dhs.org:81 |
| |
! "Fair is where you take your cows to be judged." !
! Unknown !
+------------------------------------------------------------+
___________________
Nolug mailing list
nolug@nolug.org
Received on 01/08/02
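
The "high, continuous outbound traffic on the popular ports" heuristic from the message above, as an added example that is not part of the original post or of any ISP's tooling. The flow-record format, thresholds, function names and the iptables FORWARD chain are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def make_sample():
    """Constructed flow records: (unix_time, source_ip, dest_port).
    Addresses come from the RFC 5737 documentation range."""
    flows = []
    for t in range(60):                        # sustained storm: 4 conn/s for 60 s
        flows += [(t, "192.0.2.10", 80)] * 4
    flows += [(5, "192.0.2.20", 80)] * 50      # one short burst, then quiet
    flows += [(t, "192.0.2.30", 80) for t in range(0, 60, 7)]  # ordinary browsing
    return flows

def find_block_candidates(flows, window=10, threshold=30, sustained=3,
                          ports=(25, 80)):
    """Return sorted (source_ip, port) pairs that exceeded `threshold`
    connections per `window` seconds in at least `sustained` consecutive
    windows. A single burst does not qualify; the traffic must be continuous."""
    counts = defaultdict(int)
    for ts, src, port in flows:
        if port in ports:
            counts[(src, port, ts // window)] += 1

    # Collect, per (source, port), the window indexes that were over threshold.
    hot = defaultdict(set)
    for (src, port, bucket), n in counts.items():
        if n > threshold:
            hot[(src, port)].add(bucket)

    hits = []
    for key, buckets in hot.items():
        run = best = 0
        prev = None
        for b in sorted(buckets):
            run = run + 1 if prev is not None and b == prev + 1 else 1
            best = max(best, run)
            prev = b
        if best >= sustained:
            hits.append(key)
    return sorted(hits)

def deny_rules(candidates):
    """Render targeted rules: only the offending source and port are blocked.
    The FORWARD chain is an assumption about where the filter sits."""
    return [f"iptables -A FORWARD -s {src} -p tcp --dport {port} -j DROP"
            for src, port in candidates]

if __name__ == "__main__":
    for rule in deny_rules(find_block_candidates(make_sample())):
        print(rule)
```

Requiring several consecutive hot windows is what keeps the one-off burst from 192.0.2.20 off the list, so only the host with sustained traffic gets its port 80 blocked.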
