carl0s

That sounds like a good idea. I think the thing that I had in mind wasn't actually tarpitting. It's something I did on an ssh server regarding the maximum connection attempts per minute. That wasn't actually tarpitting, but it's another Linux iptables feature that could be used alongside tarpitting, and what you've suggested.

On Linux you can easily setup a kind of tarpitting with iptables. Maybe Serv-U FTP has a similar option? See here: http://en.wikipedia.org/wiki/Tarpit_(networking) The idea is that connections are delayed, making brute force attacks awkward and slow. With Linux you can for example only allow three repeated connection attempts every five minutes from the same IP.

Well, what you should do is email relevant parts of your logs to the abuse contact from the whois info for that network: But really, you should check your web server logs.. you'll see thousands of attempts to break in all the time. Virus infected computer are the usual culprit, but I suppose it's good to contact the abuse team anyway. Whether or not they'll actually do anything is another matter. Lots of ISPs have a policy of not revealing any information in response to abuse reports, so there's not much you can do after you've emailed them.

That's cool. I always thought it'd just give the ISPs details, but I just checked another of my customers who has a routed subnet with Demon, and it gives their name, adsl username (!), address, phone etc. Doesn't do that for single IP customers though, only routed subnets. I have a block of IPs too but it's not routed, it's bridged to the ISPs network so doesn't give anything for me. [Carl@mediaxp ~]$ whois 83.104.15.21 [Querying whois.ripe.net] [whois.ripe.net] % This is the RIPE Whois query server #2. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag % Information related to '83.104.15.16 - 83.104.15.23' inetnum: 83.104.15.16 - 83.104.15.23 netname: porcshe-adsl descr: AMT CONTRACT HIRING AND LEASING descr: Leeds LS115WB country: GB admin-c: DM2460-RIPE tech-c: DM2460-RIPE status: Assigned PA mnt-by: AS2529-MNT mnt-lower: AS2529-MNT source: RIPE # Filtered person: Daniel Myers address: AMT CONTRACT HIRING AND LEASING address: Leeds, LS115WB e-mail: danielksaedhiuasdhng.co.uk phone: +44777987987999 nic-hdl: DM2460-RIPE remarks: mnt-by: AS2529-MNT source: RIPE # Filtered % Information related to '83.104.0.0/14AS2529' route: 83.104.0.0/14 descr: DEMON-NET origin: AS2529 remarks: ********************************************************* remarks: * ABUSE CONTACT: [email protected] IN CASE OF INTRUSIONS, * remarks: * ILLEGAL ACTIVITY, ATTACKS, SCANS, PROBES, SPAM, ETC. * remarks: ********************************************************* mnt-by: AS2529-MNT source: RIPE # Filtered

Actually, I'm quite surprised to see your name the whois for your IP. I take it 82.70.254.216 - 82.70.254.223 is your own subnet? [Carl@mediaxp ~]$ whois 82.70.254.222 [Querying whois.ripe.net] [whois.ripe.net] % This is the RIPE Whois query server #2. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag % Information related to '82.70.254.216 - 82.70.254.223' inetnum: 82.70.254.216 - 82.70.254.223 netname: ZEN000029222 descr: Mr Chris Wilson descr: ADSL country: GB admin-c: RT1337-RIPE tech-c: ZIRA1-RIPE status: ASSIGNED PA mnt-by: ZEN-MNT mnt-lower: ZEN-MNT mnt-routes: ZEN-MNT source: RIPE # Filtered role: Zen Internet RIPE Admin address: Zen Internet address: Moss Bridge Road address: Rochdale address: Lancashire address: OL16 5EA address: England phone: +44 845 058 9000 fax-no: +44 845 058 9005 e-mail: [email protected] admin-c: RT1337-RIPE tech-c: DJW5-RIPE tech-c: DAR33-RIPE tech-c: JE273-RIPE nic-hdl: ZIRA1-RIPE mnt-by: ZEN-MNT source: RIPE # Filtered person: Richard Tang address: Zen Internet address: Moss Bridge Road address: Rochdale address: Lancashire address: OL16 5EA address: England phone: +44 845 058 9000 fax-no: +44 845 058 9005 e-mail: [email protected] nic-hdl: RT1337-RIPE mnt-by: ZEN-MNT source: RIPE # Filtered % Information related to '82.68.0.0/14AS13037' route: 82.68.0.0/14 descr: Zen Internet Ltd origin: AS13037 mnt-by: ZEN-MNT source: RIPE # Filtered

It's pretty normal really, I wouldn't worry about it.

I agree, but I could imagine cases where people are forced by those around them to go to a Sharia court.

I've got a customer who's very Christian and poaches half of his staff from church. He likes a good debate though and takes me winding him up in great spirit.

lol

Palin sounds like a Russian name - that should be enough for her to lose the vote. I want the black dude to win

That's an interesting read, thanks. I just had a big worry go through my head. My kid is at school, and they're teaching him creationism over evolution. I tell him "ignore that, it's all bollocks fairy tale stuff", and I get arrested. It doesn't seem too far fetched to think that there could be witch hunts for non-believers of religion.

I missed that Oh well, he'll be out soon. Elections are some time around November aren't they, and inauguration day is.. January ?

Mmmm. That's another reason why Bushy worries me. He's another religious nutcase. "God told me to do it." Didn't Blair say something similar as well? Bloody crackpots the lot of them. If you wanna believe in fairy tales that's all fine but keep it to yourself. When your fairy tales start affecting decisions on things that are very important to other people, well then that's quite worrying.

I just mean I like the "thou shalt not bring religion into government or anything else official" thing. I don't know much else about them

We only found one Kebab shop, but it was nice, although expensive. £30 for three or four kebabs. What's awesome is that they are strictly secular. Political parties suspected of being influenced by religion are disbanded. Ataturk made people dress normally too, and they didn't mind. In fact they embraced "normality"

Did nobody notice this bit: That's OK then I think, unless your family forces you to go to a sharia court.

I agree, religion should be a purely personal thing. I keep saying this but the Turks are awesome.

Apparently you can use group policy to add additional DNS suffixes to the clients if you want to. Without the other domains DNS suffix being added, the clients will try to find "printserver.yourdomain.local" instead of "printserver.otherdomain.local". If you add otherdomain.local or whatever as an additional DNS suffix they'll try the first one, then the second one, and the local DNS server will forward the request to otherdomain.local's DNS server. I'm pretty sure it works, I have a site that's two totally separate domains but they share the one router and I've had to get them printing to a shared non-network printer in the other domain and that's roughly what I did.

Actually, I just noticed he said "The ip address of the print server". I thought it was a workstation, sorry Aye, he should just use tcp/ip and not bother with SMB. I'm not sure I've seen a JetDirect that does authentication though..

Because if it was a network printer you'd just set it up as a tcp/ip / lpr network printer on the client (as you have suggested), rather than over SMB like he's trying to do. The fact that it's shared off the back of a computer suggests it's less likely to be an IP printer, not more likely, although it is convenient to share via SMB as that saves having to install drivers and configure ports. The "print server" in this case is the computer it's connected to.

I'm guessing it's not a network printer.

You could fix your DNS too. Add a forwarder on domain A's DNS server for "otherdomain.local" pointing to domain B's DNS server, and add the domain suffix of the other domain to the clients. This should allow you to use computer names in the UNC paths.

Don't know VBscript, but you can go to Manage Network Passwords through User Accounts and put something like: server :*.theotherdomain.local name : theotherdomain\ausername password: thepassword Which will save the credentials for the other domain. You'd have to do that on each computer though

My £80-odd quid one was for the rear!