Great Circle Associates Firewalls
(April 1996)
 


Subject: Re: Aborting net connections
From: "<root>" <root @ wolf . microserve . com>
Date: Mon, 29 Apr 1996 18:57:24 -0400 (EDT)
To: bonomi @ delta . eecs . nwu . edu (Robert Bonomi)
Cc: firewalls @ greatcircle . com
In-reply-to: <199604292023 . PAA18523 @ delta . eecs . nwu . edu> from "Robert Bonomi" at Apr 29, 96 03:23:54 pm
Reply-to: lonewolf @ wolf . microserve . com

> 
> + From: "<root>" <root @ wolf . microserve . com>
> + Subject: Aborting net connections
> + To: firewalls @ GreatCircle . COM
> + Date: Mon, 29 Apr 1996 15:18:04 -0400 (EDT)
> + Action: Dreams are the stuff that make our Night Mares! :)
> + 
> + Is there a method for closing a connection in progress?
> 
> Send an ICMP packet.  probably a RESET.  or, if you're feeling 'creative',
> a REDIRECT, into a 'honey pot'.
> 
> + 
> + For example, suppose that I'm a malicious hacker and that I've telneted
> + to a machine to which I have no business accessing.  Now suppose that the 
> + SysAdmin or SysSecAdmin discovers my connection.
> + 
> + Is there a method or procedure that they can use to immediately cut my "feed"
> + from their system to mine?
> + 
> + I'm looking for a program that would be used to accomplish this.
> + 
> + for the purpose of this scenario, also assume the following:
> + 
> +   - hosts_access has been circumvented
> +   - any security hardware has also failed to prevent unauth. access
> +   - the invader is actively connected to system and munging the system.
> +   - disconnecting the Internet connection is not available :(
> + 
> + N.B. This is only an imaginary scenario.
> 
> of course, you drop his connection, and he opens a new one.  *then* what??
> 

At this pernt, (Archie Bunker's Brooklyn English! i miss him!) hosts_access
can be modified manually or automagically to block the address.  this could
be done via pipe to daemon or internal email to daemon whose task it is to
write a proper line to /etc/hosts.deny.  

how does that sound?

-brian
lonewolf @ wolf . microserve . com
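
A sketch of the hosts.deny writer described in the message above, as an added example that is not part of the original post. It treats each request as untrusted input, since it arrives over a pipe or by mail. The function names, the `NEVER_BLOCK` list, the `ALL:` daemon list and the IPv4-only restriction are assumptions made for illustration.

```python
import fcntl
import ipaddress

# Assumed local policy (constructed values): addresses the writer must never
# block, so a forged request cannot lock out loopback or the admin network.
NEVER_BLOCK = [ipaddress.ip_network("127.0.0.0/8"),
               ipaddress.ip_network("192.0.2.0/28")]

def deny_line(raw):
    """Return a hosts.deny rule for one untrusted request, or None to reject it."""
    try:
        # Accept exactly one literal IPv4 address. Hostnames, wildcards such
        # as ALL, netmasks and embedded newlines all fail to parse.
        addr = ipaddress.IPv4Address(raw.strip())
    except ValueError:
        return None
    if any(addr in net for net in NEVER_BLOCK):
        return None
    return f"ALL: {addr}"

def block(raw, path="/etc/hosts.deny"):
    """Append a deny rule once; return 'added', 'duplicate' or 'rejected'."""
    line = deny_line(raw)
    if line is None:
        return "rejected"
    with open(path, "a+") as f:
        fcntl.flock(f, fcntl.LOCK_EX)   # serialise concurrent writers
        f.seek(0)
        existing = f.read()
        if line in (l.strip() for l in existing.splitlines()):
            return "duplicate"
        if existing and not existing.endswith("\n"):
            f.write("\n")               # never glue the rule onto a partial line
        f.write(line + "\n")
    return "added"

if __name__ == "__main__":
    import sys
    # Usage: some_monitor | python3 thisfile.py /etc/hosts.deny
    for request in sys.stdin:           # one address per line
        print(request.strip(), block(request, sys.argv[1]))
```

A rule written this way affects only new connections to services that consult hosts_access; a session that is already established is not touched by it.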


