On Aug 13, 2004, at 9:15 AM, Josh Trutwin wrote:

> On Fri, 13 Aug 2004 08:31:05 -0500
> "John T. Hoffoss" <john.t.hoffoss at gmail.com> wrote:
>
>> The answer!
>>
>> Visit
>> http://216.239.59.104/search?q=cache:rwdycvp0zwoJ:www.geocities.com/ 
>> tomhudson411/log_breakin_attempts/+&hl=en
>
> Thanks!
>
> <snip>
>
>> 	RewriteEngine on
>> 	RedirectMatch permanent (.*)command.com(.*)$
>> "http://REPLACE_WITH_YOUR_SERVERS_IP/goaway.php?cmd=command.com"
>
>

This guys script shows the attacker a list of other machines that have  
attacked your box. IIRC (and feel free to correct me), a lot of these  
attacks (default.ida?) are coming not from script kiddies but  
automatically from machines that have been compromised. So in effect,  
you're giving the attacker a ready made list of boxes that may already  
have backdoors on them that they may be able to exploit.

That's like telling a burglar 'I know you're there," and then adding,  
"but my neighbor's house is unlocked."

Steve


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list