Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: RE: ano@ano.com ftpd dip.t-dialin.net

RE: ano@ano.com ftpd dip.t-dialin.net

From: David Gillett <gillettdavid_at_fhda.edu>
Date: Fri, 8 Nov 2002 09:04:01 -0800

  In my previous position, over half of our attempts to
hack in via FTP were coming from addresses managed by
t-dialin.net. After the Nth time their admins claimed that
the offending user would be "found and warned", with NO
reduction in such traffic, I was able to make it go away
by blackholing their address blocks. We weren't getting any
other traffic from them, so this was no problem.

  [The only time one of these probes ever found a server
that would accept an anonymous connection, we fixed that
before it actually got exploited. So it was more the annoyance
of daily IDS alarms than any substantive threat to the network.]

Dave Gillett

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Nov 08 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]