[ale] Kali linux
- Subject: [ale] Kali linux
- From: jdp at algoloma.com (JD)
- Date: Thu, 01 Jan 2015 06:46:33 -0500
- In-reply-to: <CABq+2YQZaOkV71KPVX3-Y0f6UyGZZOPXu0hyFRJcamG2V9Mz1g@mail.gmail.com>
- References: <CABq+2YQZaOkV71KPVX3-Y0f6UyGZZOPXu0hyFRJcamG2V9Mz1g@mail.gmail.com>
On 12/31/2014 11:06 PM, William Wylde wrote:
> I run a personal webserver on an isolated connection, and my logs reveal
> hundreds of failed log-in attempts (particularly from China). Nmap of the
> various IPs reveals suspiciously open ports which make me think that the attacks
> may be coming from a zombie-box. I intensely hate bot-nets, and have developed
> a desire to track them and destroy as many as I can find, whoever is running
> them; thus I have recently installed Kali in an openbox VM. Anybody have any
> experience with using Kali in tracking and destroying such nets?
Offensive steps are illegal, almost always. About the most that you should do is
to contact the abuse department at the ISP where the attacking system
originates. It won't have any effect, but you can try.
When you see attacks, blocking all access from that IP/subnet is just smart.
fail2ban and denyhosts are the normal methods.
If you like, you could set up a honeypot server and use that to learn more about
the botnet.
http://draios.com/fishing-for-hackers/ is a fun read for someone like you. Enjoy.
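
Added example, not part of the message above: a sketch of the threshold logic behind the blocking advice, which flags source IPs with repeated failed log-ins inside a time window and collapses them to subnets for a block list. The log lines are constructed (OpenSSH auth.log style, documentation-range addresses), the year is assumed, and the `maxretry`/`findtime` parameter names are borrowed from fail2ban's settings; this is not fail2ban's code.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample lines in OpenSSH auth.log style (documentation-range IPs).
SAMPLE_LOG = """\
Jan  1 06:40:01 web sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Jan  1 06:40:09 web sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Jan  1 06:40:15 web sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Jan  1 06:41:00 web sshd[104]: Failed password for root from 203.0.113.9 port 4100 ssh2
Jan  1 06:41:30 web sshd[105]: Accepted publickey for jd from 192.0.2.10 port 5000 ssh2
Jan  1 06:42:00 web sshd[106]: Failed password for root from 198.51.100.4 port 4200 ssh2
Jan  1 07:30:00 web sshd[107]: Failed password for root from 198.51.100.4 port 4201 ssh2
Jan  1 08:30:00 web sshd[108]: Failed password for root from 198.51.100.4 port 4202 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2015):
    """Return IPs with >= maxretry failures inside any findtime window."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so one is assumed here
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            times[m.group(2)].append(ts)
    banned = set()
    for ip, stamps in times.items():
        stamps.sort()
        # slide a window of maxretry consecutive failures over the timeline
        for i in range(len(stamps) - maxretry + 1):
            if stamps[i + maxretry - 1] - stamps[i] <= findtime:
                banned.add(ip)
                break
    return banned

def subnets(ips, prefix=24):
    """Collapse banned IPs to their enclosing /prefix networks."""
    return sorted({str(ip_network(f"{ip}/{prefix}", strict=False)) for ip in ips})

if __name__ == "__main__":
    bad = offenders(SAMPLE_LOG)
    print("ban IPs:", sorted(bad))
    print("ban subnets:", subnets(bad))
```

The slow source (three failures spread over two hours) stays under the threshold, which is the trade-off a short window makes against low-rate guessing.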