| cyberanger | I'm not biased | 13:27 |
|---|---|---|
| * cyberanger installs Debian over windows cause the box said windows 10 or better | 13:27 | |
| netritious | howdy folks | 17:28 |
| wrst | hello netritious | 17:34 |
| wrst | how's it going? | 17:34 |
| netritious | hey wrst not to shabby. starting a new project I think. | 17:37 |
| netritious | what have you been up to lately wrst? | 17:38 |
| wrst | me, not a lot just the same ol, same ol, what type of project are you starting? that is if you don't have to kill me after talking about it :) | 17:39 |
| netritious | haha wrst nothing top secret, and my first attempt at an "official" open source project. | 18:20 |
| netritious | I mentioned it in here yesterday...in a nutshell, a set of scripts that will manage ipset and iptables. | 18:21 |
| netritious | which I then hope to port to C or C++ | 18:22 |
| netritious | since yesterday there are now three of us working on it, hoping to get a few more people involved with testing pre- release stuff. | 18:24 |
| netritious | i hope to have it up on github in the next few weeks, maybe as early as this weekend. | 18:24 |
| wrst | cool | 18:27 |
| wrst | yes I saw that when I got in yesterday was away from ye ol' irc most of the day | 18:28 |
| netritious | ah yeah I take breaks too :D | 18:28 |
| netritious | the reason I got started on this was setting up a way to manage the lists form ipdeny, iblocklist, and IP's that trigger fail or error in log entries | 18:29 |
| netritious | it was starting to look a little like spaghetti so I stopped coding and back-tracked, created a plan as to what i wanted out of it, and now working towards it :) | 18:32 |
| netritious | inspired by snort and fail2ban | 18:32 |
| wrst | I would love to be an end user but would horrible until that point, sounds good :) | 18:48 |
| netritious | honestly the end goal is a package for people that want to use it. | 19:08 |
| netritious | it seems ipset is not installed by default on any distro I've looked at so far and a package is a good way to deal with dependencies | 19:10 |
| netritious | I have other plans as well. after a package I plan to start working on a "miserable" module | 19:15 |
| netritious | the idea is to make access sporadic, slow, and unreliable as to make an attacker's experience targeting my server miserable. | 19:15 |
| netritious | inspired by a really old apache module named the same. | 19:16 |
| netritious | anyway, blah blah blah lol | 19:16 |
| wrst | ha ha sounds fun :) | 19:43 |
| wrst | if you know what you are doing | 19:43 |
| netritious | it's a fairly simple ordeal. setup rules in iptables with various rate limits for a series of matching ipset tables. (these tables contain IP addresses.) ... | 19:53 |
| netritious | using cron, schedule IP's to be moved from one set to another. | 19:54 |
| netritious | just keep rotating them between one rate limit to another. Some of the rate limits might give you a taste of what's there, while the others might limit an IP to one connection in an hour. | 19:55 |
| netritious | so the attacker is left scratching their head wondering if the server is worth the trouble since it's so (seemingly) unreliable. | 19:56 |
| netritious | here's a link describing mod_miserable for apache http://linuxbox.co.uk/mod_miserable.php | 19:57 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!