[ale] Kali linux

JD jdp at algoloma.com
Thu Jan 1 06:46:33 EST 2015


On 12/31/2014 11:06 PM, William Wylde wrote:
> I run a personal webserver on an isolated connection, and my logs reveal
> hundreds of failed log-in attempts (particularly from China). Nmap of the
> various IPs reveals suspiciously open ports which make me think that the attacks
> may be coming from a zombie-box. I intensely hate bot-nets, and have developed
> a desire to track them and destroy as many as I can find, whoever is running
> them, thus I have recently installed Kali in an openbox VM. Anybody have any
> experience with using Kali in tracking and destroying such nets?

Offensive steps are illegal, almost always. About the most that you should do is
to contact the abuse department at the ISP where the attacking system
originates.  It won't have any effect, but you can try.

When you see attacks, blocking all access from that IP/subnet is just smart.
fail2ban and denyhosts are the normal methods.

If you like, you could set up a honeypot server and use that to learn more about
the botnet.
http://draios.com/fishing-for-hackers/ is a fun read for someone like you. Enjoy.
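
The counting behind "block that IP/subnet", as an added example that is not part of the original post and is not fail2ban or denyhosts code. It assumes the failed log-ins are OpenSSH-style auth log lines; the sample log, the thresholds and the allowlisted admin range are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH auth.log style (assumption: the failed log-ins
# hit sshd). All addresses come from documentation ranges.
SAMPLE_LOG = """\
Jan  1 03:12:01 web sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  1 03:12:04 web sshd[2211]: Failed password for root from 203.0.113.7 port 40113 ssh2
Jan  1 03:12:09 web sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan  1 03:13:30 web sshd[2230]: Failed password for invalid user test from 203.0.113.52 port 51200 ssh2
Jan  1 03:13:41 web sshd[2231]: Failed password for root from 203.0.113.90 port 51877 ssh2
Jan  1 03:14:02 web sshd[2240]: Accepted publickey for jd from 192.0.2.10 port 50022 ssh2
Jan  1 03:15:10 web sshd[2250]: Failed password for jd from 192.0.2.10 port 50030 ssh2
Jan  1 03:16:00 web sshd[2260]: Failed password for root from 198.51.100.23 port 33000 ssh2
Jan  1 03:16:03 web sshd[2260]: Failed password for root from 198.51.100.23 port 33001 ssh2
Jan  1 03:16:07 web sshd[2260]: Failed password for root from 198.51.100.23 port 33002 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def block_candidates(log_text, per_ip=3, per_subnet=5, allow=("192.0.2.0/24",)):
    """Return CIDR strings to block: a whole /24 (/64 for IPv6) when failures are
    spread across it, otherwise single hosts at or over the per-IP threshold."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    by_ip = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # a hostname was logged instead of an address; skip it
        if any(ip in net for net in allowed):
            continue  # never block your own admin range
        by_ip[ip] += 1
    by_net = Counter()
    for ip, n in by_ip.items():
        prefix = 24 if ip.version == 4 else 64
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += n
    blocks = {net for net, n in by_net.items() if n >= per_subnet}
    for ip, n in by_ip.items():
        if n >= per_ip and not any(ip in net for net in blocks):
            blocks.add(ipaddress.ip_network(str(ip)))  # single host, /32 or /128
    key = lambda b: (b.version, int(b.network_address), b.prefixlen)
    return [str(b) for b in sorted(blocks, key=key)]
```

The returned CIDR strings are what you would hand to a firewall deny rule; the allowlist keeps a mistyped password on your own network from locking you out.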


