Posts By: Arnd

howto block w00tw00t.isc.sans.dfind:) and other scans using iptables

Posted by & filed under admin.

Lately I noticed an increase in scans for certain paths, and in unclosed connections, from user agents containing strings like “w00t.isc.sans.Dfind:)” and variations thereof. The sources of these strings were dial-up IP addresses but also some probably hacked fixed server IP addresses. To get rid of these scans I whipped up a shell script which scans the Apache logs and uses iptables to block these IP addresses.…