Firewall Wizards mailing list archives
Re: Scans Observed by Officer Friendly
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 18 May 1999 17:43:19 -0500 (CDT)
One of the reasons I was so reluctant in going along with an online database, not only being that spoofed ip's are going to fuzz up that database, but the fact that scans, and attacks are indeed soooo prevalent that I have yet to run into an ISP that does much more then sendout a 'canned response' to such activities. There was a very short time that I not only logged each offense, I would send logs and every little bit of crap that I could to the abuse depts of these places. There was only one time that I got not only swift interdiction in such BS going on out here, and was kept fully informed of the results of their investigation and the resultant loss of acctounts to the offenders. Of course, this was not do to a mere probing, but a fullfledged DOS. Damn, if I were to lodge complaints about mere port scans, I'd perhaps be doing so 5-6 times a day, on a slow one. We still suffer hte occasional smurf, and do lodge complaints of that magnitude, and still, recieve only 'canned replies'. And since smurfs so well hide to offenders, even when one knows for a fact where they orriginate, due to other activities, you'll find that the ISP's are quick to 'chuckle' and just turn their heads away. Good luck, Ron DuFresne On Tue, 18 May 1999, Randy Grimshaw wrote:
I appreciate everyone's feedback regarding this observed scan. When I wrote, I was confused by a DNS failure, apparently temporary, such that nslookup didn't successfully resolve the address. I have written to abuse () rr com and included the *full* logs. What I got back was an automated response that effectively says thank-you, now go away... which may be all that I can expect. We (at Syracuse) DO follow through and "smack" people but I can't say that we always respond to the original complaint with any follow through. <><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779 On Tue, 18 May 1999, chuck wrote:So how open is TimeWarner going to be to figuring out who had that address at the time that you (don't) note and going out and smacking someone upside the head? Quoting Randy Grimshaw (rgrimsha () mailbox syr edu):Where would the address 24.93.46.49 be comming from? Is this an annoyance or a masqerade? My 'Officer' noticed BO_PING sweep and BO_FILEFIND attempts on Friday night and Sunday night. <><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- Re: Scans Observed by Officer Friendly, (continued)
- Re: Scans Observed by Officer Friendly chuck (May 18)
- Re: Scans Observed by Officer Friendly Randy Grimshaw (May 18)
- Responsiveness of remote admins Lance Spitzner (May 19)
- Re: Responsiveness of remote admins chuck (May 19)
- Re: Responsiveness of remote admins Lance Spitzner (May 19)
- Re: Responsiveness of remote admins Tim Kramer (May 21)
- Re: Responsiveness of remote admins Philip S Holt (May 21)
- Re: Norton AV for Firewalls mht (May 21)
- Re: Scans Observed by Officer Friendly Randy Grimshaw (May 18)
- Re: Responsiveness of remote admins R. DuFresne (May 21)
- Re: Scans Observed by Officer Friendly chuck (May 18)
- Re: Responsiveness of remote admins Craig H. Rowland (May 21)
- Re: Scans Observed by Officer Friendly R. DuFresne (May 19)
- Re: Scans Observed by Officer Friendly Larry Chin (May 21)
- RE: Scans Observed by Officer Friendly James D. Wilson (May 22)