Re: blocking irc + botnets - hbeaumont hbeaumont

All of lore.kernel.org
 help / color / mirror / Atom feed

From: hbeaumont hbeaumont <ahlist@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: blocking irc + botnets
Date: Thu, 4 Aug 2005 12:04:12 -0500	[thread overview]
Message-ID: <bc5becf6050804100426d8357a@mail.gmail.com> (raw)
In-Reply-To: <Pine.LNX.4.61.0508040943350.27293@yvahk01.tjqt.qr>

On 8/4/05, Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
> 
> 
> >We have servers that could get infected via poorly wrote user scripts. I
> 
> Fix the servers. Don't let arbitrary scripts in.
> 
> 
please take this in a friendly manner :)

When I wrote my initial message, I knew somebody would give me this type of 
reply (ie. secure your servers, smack the bad users)

However the fact is that in REAL LIFE, you will have users that use bad 
scripts or even "good" script that have bugs (phpbb, etc, etc.).

I want to find a way to make sure that we have an extra layer of protection 
to make sure our servers weren't DOS'ing other boxes - even if it was
only for a short time until an admin logged in to check the source of the 
outgoing traffic spike.

Bottom line :

I simply want to get a good ruleset to share so that anyone who might ever 
have a server compromised (even non-root, php-apache based stuff running as 
nobody) could help
stop the outgoing bad traffic. 

There is a lot of discussion on stopping things from coming into a server. 
If those of us who run servers (I'm pointing the finger at myself!) would 
take the extra effort to stop what can
possibly go out, it would solve a lot of the problems. 

I don't have the knowledge to set this up in the best method. That's why I 
asked here.

Thanks to all!

next prev parent reply	other threads:[~2005-08-04 17:04 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-08-02 15:41 blocking irc + botnets hbeaumont hbeaumont
2005-08-02 16:55 ` Daniel Lopes
2005-08-02 18:36   ` R. DuFresne
2005-08-03 16:18 ` Maxime Ducharme
2005-08-04  7:43 ` Jan Engelhardt
2005-08-04 17:04   ` hbeaumont hbeaumont [this message]
2005-08-04 21:59     ` curby .
2005-08-05  6:26     ` Jan Engelhardt
  -- strict thread matches above, loose matches on Subject: below --
2005-08-02 16:37 Piszcz, Justin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bc5becf6050804100426d8357a@mail.gmail.com \
    --to=ahlist@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.