Re: How the Chicom got my IP address???
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Fri, 06 Jun 2008 15:06:57 -0500
On Fri, 6 Jun 2008, in the Usenet newsgroup comp.security.misc, in article
<ca7d8fdd-7911-4b7b-a7a7-893a4c6c0563@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, Lito
Lipad wrote:
NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.
> Doug McIntyre <mer...@xxxxxxxxx> wrote:
>> Lito Lipad <bwaw...@xxxxxxxxx> writes:
>>> Every time I look at my NAS ftp log, I see all these Chicom IPs. How
>>> in hell they get into my IP address? I got 400 recorded attempts to
>>> login as Administrator.
If you don't want people from country $FOO attempting to connect to your
system, WHY ARE YOU ALLOWING CONNECTIONS FROM THAT BLOCK OF ADDRESSES?
Do you someday plan on visiting Jilin province (the Chinese "state"
just North of Korea), and will need to connect to your system from
there? Until you do, block 222.168.0.0/15. A better solution is to
block ALL except the addresses/ranges you _need_ access from. (My
firewall allows connections through from a /22 and two /24s "outside"
because I can't see any reason to allow connections from you or anyone
else that I haven't approved in advance, and I really don't expect
authorized users to be connecting from Korea, Kenya, Kuwait or
Kazakhstan or a lot of other places either.)
>> The scripts go through and try to log into *every IP address* as
>> Administrator and common stupid passwords. It's not you they are after,
>> they are just looking for open places they can go in in general.
And they also try 'root' in addition to 'Administrator', so it's not
just a windoze thing.
>> If they didn't get the occasional hit that let them in, they wouldn't
>> bother..
>> But people are lazy/stupid/whatever and put stupid easy passwords up
>> on common services listening wide open on the Net.
You may recall that the 'Deloder' worm had great success in March 2003
trying just 86 "passwords" such as
"" 1234567 a ihavenopass pwd
0 12345678 aaa login qwer
000000 123456789 abc love root
007 123abc abcd mypass123 server
1 123asd admin mypc sex
(that first one is an empty string - no password at all).
> My NAS running Linux OS as firmware so 'Administrator' is not even a
> valid username. It is set up in my router as virtual FTP server
> instead of DMZ.
So give them time and continued access, and they'll eventually start
trying other usernames like 'root' or 'toor' or a lot more. And the
reason you think everyone in the world should have access to your
system is what exactly?
Old guy
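
An added example, not part of the original post: a small Python check that tallies failed FTP logins by source and separates sources outside a default-deny allowlist from those inside it. The log line format, the sample lines and the allowlisted ranges are constructed for illustration; only 222.168.0.0/15 and the usernames come from the thread.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist: one /22 and two /24s, the shape of policy the post
# describes. These are reserved test ranges; substitute your own.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("198.18.4.0/22", "192.0.2.0/24", "203.0.113.0/24")]

# Assumed line format (constructed); adapt the regex to your NAS's FTP log.
LINE = re.compile(r"FTP login (failed|ok) user=(\S+) from=(\S+)")

# Constructed sample log lines.
SAMPLE_LOG = """\
2008-06-06 03:11:02 FTP login failed user=Administrator from=222.168.10.5
2008-06-06 03:11:04 FTP login failed user=Administrator from=222.168.10.5
2008-06-06 03:11:07 FTP login failed user=root from=222.169.3.9
2008-06-06 08:30:15 FTP login failed user=alice from=192.0.2.44
2008-06-06 08:30:21 FTP login ok user=alice from=192.0.2.44
garbage line the parser should skip
"""

def is_allowed(ip):
    """True if ip falls inside any allowlisted network (default deny)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED)

def summarize(log_text):
    """Count failed logins per source, split by allowlist membership."""
    outside, inside, users = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group(1) != "failed":
            continue
        user, ip = m.group(2), m.group(3)
        try:
            allowed = is_allowed(ip)
        except ValueError:  # malformed address field: skip the line
            continue
        if allowed:
            inside[ip] += 1
        else:
            outside[ip] += 1
            users.add(user)
    return outside, inside, users

if __name__ == "__main__":
    outside, inside, users = summarize(SAMPLE_LOG)
    print("outside allowlist:", dict(outside), "usernames tried:", sorted(users))
    print("inside allowlist:", dict(inside))
```

Every source in the "outside" tally is one the allowlist firewall rule would have dropped before the login prompt; failures from inside the allowlist are the ones left to review.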