[pmwiki-devel] Slightly OT: Experiences protecting server against attacks

ThomasP pmwiki at sigproc.de
Thu Mar 27 06:25:13 CDT 2008


To elaborate the idea with the black list, things would work like this:

On some servers, the respective hosters would install intrusion detection
software. Whenever an intrusion attempt is detected, the malicious IP
address is communicated to a central server that registers it as a
compromised machine.

"Consumer" servers can then more or less regularly query the black list
server to obtain a list of bad IPs or to simply query the status of an IP.

So far the trivial basics. Questions of abuse and speed would remain
obviously, but in general with this principle one could "reuse" a certain
fraction of all internet servers as honeypots.

To avoid the abuse of someone alerting a good machine as evil, one would
have to restrict the privilege to alert to hand-chosen server
administrators (as a first simple remedy). Distribution of the blacklist
could involve donated mirrors.

Any ideas on this?

Thomas
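
An added sketch of the scheme described above, not part of the original post: a central blacklist server that accepts alerts only from hand-chosen reporters and answers consumer queries. The per-reporter HMAC shared secrets, the replay window, and all names and sample values are assumptions made for this example.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample: hand-chosen reporters and their shared secrets (hypothetical).
REPORTER_KEYS = {
    "admin-a.example": b"constructed-secret-a",
    "admin-b.example": b"constructed-secret-b",
}

def sign_report(reporter: str, ip: str, timestamp: int, key: bytes) -> str:
    """Reporter side: HMAC-SHA256 over the fields of one alert."""
    msg = f"{reporter}|{ip}|{timestamp}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class BlacklistServer:
    """Central server: accepts alerts only from allowlisted reporters."""

    def __init__(self, reporter_keys, max_age=300):
        self.reporter_keys = reporter_keys
        self.max_age = max_age          # assumed replay window in seconds
        self.entries = {}               # normalized ip -> set of reporters

    def report(self, reporter, ip, timestamp, signature, now):
        key = self.reporter_keys.get(reporter)
        if key is None:
            return False                # not a hand-chosen administrator
        expected = sign_report(reporter, ip, timestamp, key)
        if not hmac.compare_digest(expected, signature):
            return False                # forged or altered alert
        if abs(now - timestamp) > self.max_age:
            return False                # stale alert, possibly replayed
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False                # not a valid IPv4/IPv6 address
        self.entries.setdefault(str(addr), set()).add(reporter)
        return True

    def is_listed(self, ip):
        """Consumer query: status of a single address."""
        try:
            return str(ipaddress.ip_address(ip)) in self.entries
        except ValueError:
            return False

    def export(self):
        """Consumer query: the full list, e.g. for a mirror."""
        return sorted(self.entries)
```

Keeping the set of reporters per address lets the server later require several independent alerts before listing an address, which limits the damage a single compromised reporter key can do.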




