Intrusion detection finding internet busybodies

https://www.novabbs.com/computers/article-flat.php?id=27571&group=comp.os.vms#27571
X-Received: by 2002:a05:622a:4e:b0:3e9:7eee:f872 with SMTP id y14-20020a05622a004e00b003e97eeef872mr4023029qtw.9.1681682798984;
Sun, 16 Apr 2023 15:06:38 -0700 (PDT)
X-Received: by 2002:ad4:5888:0:b0:56f:605:dc88 with SMTP id
dz8-20020ad45888000000b0056f0605dc88mr1344240qvb.7.1681682798811; Sun, 16 Apr
2023 15:06:38 -0700 (PDT)
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.os.vms
Date: Sun, 16 Apr 2023 15:06:38 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com; posting-host=172.110.168.227; posting-account=uNeudQoAAACm0ETOCzPNrvtq-73lRbuD
NNTP-Posting-Host: 172.110.168.227
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <65ea0149-6af5-4a65-9b2e-0d8271027102n@googlegroups.com>
Subject: Intrusion detection finding internet busybodies
From: jchim...@gmail.com (plugh)
Injection-Date: Sun, 16 Apr 2023 22:06:38 +0000
Content-Type: text/plain; charset="UTF-8"
X-Received-Bytes: 1676
 by: plugh - Sun, 16 Apr 2023 22:06 UTC

Another host intrusion detection point, related to this post about generating an Audit journal report.

After looking at ossec reports, which incorporate Audit logs from Arne's earlier post, I started noticing sequences of IPv4 addresses hammering on the system... well, they get to hammer once.

These IP address banks cost real money, so I figured I'd look into one via whois. It's named "Shadow Server Foundation".

Those of you running production servers: how do you deal with these ass-hats? I'm sure these aren't the only wankers running security snake oil schemes. I wrote a *nice* email asking them to stay off my damn servers. Besides a LOIC, I'm looking for ideas.
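One way to make the "sequences of IPv4 addresses" observation systematic rather than eyeballing reports, added here as an example that is not part of the original post or of OSSEC: a small Python script that pulls source addresses out of alert lines, groups them into /24 blocks, and separates a block swept by many distinct addresses (a bank of scanner hosts, as described above) from a single host retrying. The alert line layout, the `Src IP:` field, the thresholds and the sample addresses (RFC 5737 documentation ranges) are constructed assumptions for the example, not OSSEC's actual output format.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample alert lines in an OSSEC-like shape.  The real OSSEC
# alert layout is not shown on the page; only a "Src IP: a.b.c.d" field is
# assumed.  Addresses come from RFC 5737 documentation ranges.
SAMPLE_ALERTS = """\
2023 Apr 16 14:58:01 Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user' Src IP: 198.51.100.17
2023 Apr 16 14:58:03 Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user' Src IP: 198.51.100.18
2023 Apr 16 14:58:05 Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user' Src IP: 198.51.100.19
2023 Apr 16 14:58:07 Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user' Src IP: 198.51.100.20
2023 Apr 16 15:02:11 Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user' Src IP: 203.0.113.9
2023 Apr 16 15:02:12 Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user' Src IP: 203.0.113.9
2023 Apr 16 15:02:13 Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user' Src IP: 203.0.113.9
2023 Apr 16 15:05:40 Rule: 5501 (level 3) -> 'Login session opened' Src IP: 192.0.2.44
"""

# Assumed field name; adjust the pattern to whatever your reports contain.
SRC_IP_RE = re.compile(r"Src IP:\s*(\d{1,3}(?:\.\d{1,3}){3})")


def extract_sources(alert_text):
    """Return a Counter of alert events per source IPv4 address."""
    hits = Counter()
    for line in alert_text.splitlines():
        m = SRC_IP_RE.search(line)
        if not m:
            continue
        try:
            addr = ip_address(m.group(1))
        except ValueError:
            continue  # malformed address in the line; skip it
        if addr.version == 4:
            hits[str(addr)] += 1
    return hits


def group_by_block(hits, prefixlen=24):
    """Group per-address counts into /prefixlen networks: {network: {ip: count}}."""
    blocks = defaultdict(dict)
    for ip, n in hits.items():
        net = ip_network(f"{ip}/{prefixlen}", strict=False)
        blocks[str(net)][ip] = n
    return blocks


def classify_blocks(blocks, min_sources=3, min_events=3):
    """
    Label each block (thresholds are arbitrary example values):
      'sweep'  - many distinct source addresses, the pattern of a scanner
                 bank walking the block; look the block up in whois, not
                 each address separately
      'repeat' - one or few sources retrying many times
      'quiet'  - below both thresholds
    """
    labels = {}
    for net, ips in blocks.items():
        distinct = len(ips)
        total = sum(ips.values())
        if distinct >= min_sources:
            labels[net] = "sweep"
        elif total >= min_events:
            labels[net] = "repeat"
        else:
            labels[net] = "quiet"
    return labels


def report(alert_text):
    """Map each /24 block seen in the alerts to (label, sorted source list)."""
    hits = extract_sources(alert_text)
    blocks = group_by_block(hits)
    labels = classify_blocks(blocks)
    return {net: (labels[net], sorted(ips)) for net, ips in blocks.items()}


if __name__ == "__main__":
    for net, (label, ips) in sorted(report(SAMPLE_ALERTS).items()):
        print(f"{net:<18} {label:<7} {len(ips)} source(s): {', '.join(ips)}")
```

Running it on the constructed sample flags 198.51.100.0/24 as a sweep (four consecutive addresses, one event each), 203.0.113.0/24 as a single repeating host, and 192.0.2.0/24 as quiet. The point of grouping by block before the whois step is that a scanning organisation's addresses tend to share an allocation, so one lookup on the block tells you who owns the whole sequence, and any block-level firewall or ACL decision is then made once rather than per address.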
