Re: "Don't panic"?
From: Nico Kadel-Garcia (nkadel@bellatlantic.net)Date: 01/30/02
- Next message: Nico Kadel-Garcia: "Re: Solaris NIS+ authentication and ssh 3.1.0"
- Previous message: Richard Silverman: "Re: "Don't panic"?"
- In reply to: Richard Silverman: "Re: "Don't panic"?"
- Next in thread: Mike Iglesias: "Re: "Don't panic"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net> Date: Wed, 30 Jan 2002 02:05:33 GMT
"Richard Silverman" <res@des.jhy.us.ml.com> wrote in message
news:m1lk7u0ls31.fsf@sys1.des.jhy.us.ml.com...
> >>>>> "MI" == Mike Iglesias <iglesias@draco.acs.uci.edu> writes:
>
> MI> It's probably someone who's looking for vulnerable ssh servers so
> MI> they can hack the system. It appears that the IP address belongs
> MI> to Telstra Internet, so try abuse@telstra.net.
>
> What "abuse" would you have him report? He has a box connected to the
> Internet, with an SSH server accepting connections from anywhere. Someone
> connected to it, exchanged a few bytes according the SSH protocol, then
> disconnected. That's not abuse; it's what's supposed to happen.
Richard, I've been seeing a *lot* of system scans over the last few months.
People are breaking into one vulnerable box and using it as a springboard to
scan entire networks. Reporting such random connection attempts helps track
the penetrated machines so that the administrators can get them cleaned up:
I've personally found such reports about my own network to be quite useful
in finding un-secured machines at my new job.
- Next message: Nico Kadel-Garcia: "Re: Solaris NIS+ authentication and ssh 3.1.0"
- Previous message: Richard Silverman: "Re: "Don't panic"?"
- In reply to: Richard Silverman: "Re: "Don't panic"?"
- Next in thread: Mike Iglesias: "Re: "Don't panic"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
