SLUG Mailing List Archives

Re: [SLUG] [OT] Someone trying to hack me (better solution)


If you want to kill this new worm on the head (instead of many http
requests, stop it after the 1st), it's very simple and a bit insecure:

either use a firewalling tool or plain old route!

firstly, chmod +s your tool (this is insecure, I know, but then the webserver
user can do the dirty work of blocking hosts in real time!)

then, say for iptables, get a script called /scripts/root.exe to execute (in
whatever your language is):

/sbin/iptables -I INPUT -s (SOURCE IP) -j DROP
OR
/sbin/route add -host (SOURCE IP) dev lo

and no more requests from that machine at all.



On Wed, 19 Sep 2001, Graeme Robinson wrote:

> the solution is to install linux and set up a firewall-gateway.  Forget
> trying to secure your win98 box.
>
> At 06:41 AM 19/09/2001 +1000, gnudev@xxxxxxxxxxxxxx wrote:
> >Hi sluggers,
> >
> >I am convinced someone is trying to hack me, or crack rather. I am sitting
> >on a dialup connection, and there's strange traffic happening. Even when I'm
> >not FTP'ing or anything, I see I have sent out like half a megabyte or
> >something.
> >
> >Is this unusual???
> >
> >I am using Windows 98 SE on this particular connection.
> >
> >Is there a packet sniffer for Windows that I can sit on the connection to
> >inspect all incoming and outgoing traffic, and get the IP address of the
> >other side, etc?
> >
> >What is the best firewall that I can install for Windoze 98?
> >
> >Thanks heaps.
> >
> >James
> >
> >
> >
> >--
> >SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> >More Info: http://lists.slug.org.au/listinfo/slug
>
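
The decoy handler described in the reply at the top of this thread, as an added example (not code from the original post): it checks that the source address is a plain IPv4 address and not an allowlisted host before it ever reaches the iptables command line, and it prints the rule instead of running it, so the web server user needs no setuid firewall binary. Assumptions: the web server exports the peer address as REMOTE_ADDR, and NEVER_BLOCK, is_ipv4 and block_rule are hypothetical names.

```shell
#!/bin/sh
# Added example: handler logic for the decoy script described in the post.
# Assumed: CGI-style REMOTE_ADDR; NEVER_BLOCK is a hypothetical allowlist.
NEVER_BLOCK="127.0.0.1 192.0.2.10"   # constructed sample addresses

# Succeeds only for dotted-quad IPv4, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints the rule for a valid, non-allowlisted address.
# Status: 0 = rule printed, 1 = invalid address, 2 = allowlisted.
block_rule() {
    is_ipv4 "$1" || return 1
    for keep in $NEVER_BLOCK; do
        if [ "$1" = "$keep" ]; then return 2; fi
    done
    printf '/sbin/iptables -I INPUT -s %s -j DROP\n' "$1"
}

# When run as the handler, emit the rule for a root-owned job to apply.
if [ -n "${REMOTE_ADDR:-}" ]; then
    block_rule "$REMOTE_ADDR" || echo "not blocking: invalid or allowlisted" >&2
fi
```

The allowlist keeps a request relayed through your own proxy or admin host from locking you out of the box.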