|
Security Incidents
mailing list archives
Re: How to cope with, uhm, "mentally challenged" abuse personnel?
From: "Ralf G. R. Bergs" <rabe () RWTH-Aachen DE>
Date: Tue, 6 Mar 2001 12:18:19 +0100
On Sat, 3 Mar 2001 15:07:43 -0600, Blake Frantz wrote:
A UU.net *router* was
trying to communicate with one of our core routers via TCP on a wide range
of arbitraty ports. When asked, UU.net responded with "The type of
internet traffic you describe appears to be of normal origin." and
referred me to RFC 792 (ICMP) - I almost fell off my chair. None the
This is the same thing they *always* do to me, and most scans I need to report
are RPC and FTP scans.
less, after we recieved their response the activity stopped. Purhaps this
is the same in your case, a first level abuse manager sends out a generic
email to passify wouldbe admins and escalates the incident. Just a
thought.
*Sometimes* the activity stopped, but I had some cases where the activity went
on for days, so I had to black-hole that subnet. But that can't be an optimal
solution, don't you agree? I can't start to blackhole everyone, because some day
I hamper my users in their work... :-(
--
Sign the EU petition against SPAM: L I N U X .~.
http://www.politik-digital.de/spam/ The Choice /V\
of a GNU /( )\
Generation ^^-^^
 By Date 
By Thread
Current thread:
- How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 03)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Utopian Admin (Mar 03)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Blake Frantz (Mar 03)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Ralf G. R. Bergs (Mar 06)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Gary Maltzen (Mar 04)
- Re: How to cope with, uhm, "mentally challenged" abuse personnel? Nicholas Bachmann (Mar 06)
|
Intro
