Re: Connection attempts

From: Michael S Scheidell (scheidell@Cerintha.com)
Date: 04/23/01


Date: Mon, 23 Apr 2001 12:01:53 -0400 (EDT)
From: Michael S Scheidell <scheidell@Cerintha.com>
To: freebsd-security@freebsd.org

In local.freebsd.security, you wrote:
>I don't know what you folks' experience has been, but I've had
>almost no luck with alerting ISPs to these problems. A lot of
>this stuff comes from Korea and Czechoslovakia and I get no
>responses from the ISPs.

I use mynetwatchman.

It's kinda like spamcop for hackers.
Depending on the port number and/or number of different people he gets
attacked from, he will alert the ISP on 'first contact' (port 111, 515,
some of the Windows trojan ports, like subseven or netbus).

He has contacts in Korea; I don't have to track them down and lart the
ISP.

I can go to the web site and see the status of 'alerts' and escalated
attacks in the last 24 hrs.

I can punch in a suspect ip address and see if it was just me or others
that got attacked.

There are replies back from many ISPs and 'victims' that let us know that
'thank you for reporting that' our client system was hacked into and he
didn't even know it was being used to attack others.

What you are doing (at least a little) is removing compromised systems by
alerting the owners.

These compromised systems are used to further attack and hack

(see news stories on the escalation between us and Chinese hackers on the
security lists).

So, if there is a 2% response back, with no effort on my part but to
install the ipfw per scripts, at least that's 2%.
