Moin Michael! One strategy you could employ is to use portsentry (http://www.psionic.com/abacus/portsentry/). It includes several 'active' defense methods (rerouting the attacker's IP / modifying access control via hosts.deny). Perhaps not much help to you, but worth looking at. -- michael

Michael Weiser wrote on Tuesday, 17 October 2000:
Hello,
I'm administering some Linux machines permanently connected to the internet which I'm trying to protect reasonably. Therefore I disable unneeded services, keep software up-to-date, run a packet filtering firewall and use an intrusion detection and protection tool (snort).
But the number of ping-, version- and portscans increases every day, which makes me want to react more actively. Of course it'd be stupid to attack the attacker myself but I'd like to at least notify the administrators of the malicious users/customers of what's going on so that they (can) stop it.
No problem so far but unfortunately a lot of sysadmins don't seem to feel responsible until someone sues them. Therefore I'd like to send out a carefully researched mail filled with some paragraphs to make 'em think. But since I'm a complete idiot at legal issues I don't want to do it myself and prefer some already better done work of someone who knows what she is speaking about. :)
So my (frequently asked, I fear) question is: Can someone help me out with such a text, some facts or a starting point for a search? I'd especially be interested in German and American law since I and the machines in question are situated in Germany and most attacks come from American networks.
Thanks for your help and sorry if it's really an FAQ and already answered elsewhere.
-- bye, Michael
Elephants don't play chess!
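The reply above points at portsentry's 'active' responses (blocking a scanning source via hosts.deny), and the original post wants a factual basis for a mail to the source network's administrators. The following script is an added example, not code from either poster or from portsentry or snort: it reads portscan alert lines in an assumed Snort-like layout (the sample lines below are constructed and use RFC 5737 documentation addresses), counts the distinct destination ports each source touched, and for any source over a threshold emits a TCP-wrappers hosts.deny entry plus a short, factual summary suitable for an abuse report. The log layout, the threshold and the report wording are all assumptions.

```python
"""Added example: triage portscan alerts into hosts.deny entries and an
abuse-report summary. Log layout, threshold and wording are assumptions."""

import re
from collections import defaultdict

# Constructed sample alerts (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
10/17-03:12:01.123456 [**] portscan: TCP [**] 203.0.113.45:41211 -> 198.51.100.7:22
10/17-03:12:01.223456 [**] portscan: TCP [**] 203.0.113.45:41212 -> 198.51.100.7:23
10/17-03:12:01.323456 [**] portscan: TCP [**] 203.0.113.45:41213 -> 198.51.100.7:25
10/17-03:12:01.423456 [**] portscan: TCP [**] 203.0.113.45:41214 -> 198.51.100.7:80
10/17-03:12:01.523456 [**] portscan: TCP [**] 203.0.113.45:41215 -> 198.51.100.7:110
10/17-03:12:01.623456 [**] portscan: TCP [**] 203.0.113.45:41216 -> 198.51.100.7:143
10/17-03:40:09.000001 [**] portscan: TCP [**] 192.0.2.9:51000 -> 198.51.100.7:80
10/17-03:40:09.100001 [**] portscan: TCP [**] 192.0.2.9:51001 -> 198.51.100.7:443
this line is garbage and must be skipped
"""

# Assumed line layout:
# "<mm/dd-HH:MM:SS.us> [**] portscan: <proto> [**] <src>:<sport> -> <dst>:<dport>"
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+) \[\*\*\] portscan: (?P<proto>\w+) \[\*\*\] "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)


def parse_alerts(text):
    """Yield a dict per well-formed alert line; unparsable lines are skipped."""
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def summarize_scanners(text, min_ports=5):
    """Return {src: {"ports": [...], "first": ts, "last": ts, "count": n}} for every
    source that probed at least `min_ports` distinct destination ports.
    Timestamps share one zero-padded layout, so string min/max orders them."""
    per_src = defaultdict(lambda: {"ports": set(), "first": None, "last": None, "count": 0})
    for a in parse_alerts(text):
        rec = per_src[a["src"]]
        rec["ports"].add(a["dport"])
        rec["count"] += 1
        rec["first"] = a["ts"] if rec["first"] is None else min(rec["first"], a["ts"])
        rec["last"] = a["ts"] if rec["last"] is None else max(rec["last"], a["ts"])
    return {
        src: {**rec, "ports": sorted(rec["ports"])}
        for src, rec in per_src.items()
        if len(rec["ports"]) >= min_ports
    }


def hosts_deny_lines(summary):
    """TCP-wrappers hosts.deny entries (all wrapped services) for flagged sources."""
    return [f"ALL: {src}" for src in sorted(summary)]


def abuse_report(src, rec, victim):
    """Factual summary an admin could paste into a mail to the source network's
    abuse contact: what was seen, when, and how often, nothing more."""
    ports = ", ".join(str(p) for p in rec["ports"])
    return (
        f"Source {src} probed {len(rec['ports'])} TCP ports ({ports}) on {victim} "
        f"between {rec['first']} and {rec['last']} ({rec['count']} logged connection "
        f"attempts, timestamps in the victim's local time). Log excerpts are available on request."
    )


if __name__ == "__main__":
    flagged = summarize_scanners(SAMPLE_LOG)
    print("\n".join(hosts_deny_lines(flagged)))
    for src, rec in flagged.items():
        print(abuse_report(src, rec, "198.51.100.7"))
```

With the sample data only 203.0.113.45 crosses the five-port threshold; 192.0.2.9 touched two ports and is left alone, which is the point of thresholding before any automatic hosts.deny change: a single stray connection should not lock a host out. The report text deliberately contains only what the log shows, which is what a recipient admin can verify.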
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com