Security Incidents mailing list archives
Re: Korea (was RE: ?)
From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Tue, 1 Feb 2000 12:01:28 +1300
On Fri, 28 Jan 2000 19:54:55 +0000 Arrigo Triulzi <arrigo () ALBOURNE COM> wrote:
Patrick Oonk scripsit: |Another Korean scan. Did anyone EVER get ANY reply to an abuse report |from Korea ? Either Koreans cannot read English or they just don't care. I think you'll find that the korean NIC are swamped with security issues at the moment. KRNIC-CERT took the pain to reply to a couple of requests sent from SANS analysts (see http://www.sans.org/giac.htm) regarding scans over New Year's night. There is definitely an issue with machines in Korea being an easy target, mainly Linux boxes without any security patches installed and left wide open. Please do try to write to KRNIC, they might not reply but perhaps they need to see the breadth of the problem regarding their networks.
I second this. I have spoken to people from CCERT-KR (Korean Cert) at the FIRST meeting in Bribsane (june '99) about the number of scans we were seeing then from the .kr domain. They were aware of the problem and asked me to cc reports to them so they could translate them and send them on to the sites. They suggested that language problems were a big factor in non response to incident reports. I suspect that they are now run off their feet now and that is why I nolonger get responses to my reports. It is my personal opinion that most of the scans that we are seeing from the .kr domain are from machines that have been compromised by people working from elsewhere in the world. Most systems seem to be old Linux boxes which have heaps of known problems unless someone has applied a lot of patches. Cheers, Russell.
Current thread:
- Re: Korea (was RE: ?) Russell Fulton (Jan 31)
- <Possible follow-ups>
- Re: Korea (was RE: ?) Jon Lewis (Jan 31)
- Re: Korea (was RE: ?) Joe User (Feb 01)
- R: Re: Korea (was RE: ?) Raistlin (Feb 03)
- Re: R: Re: Korea (was RE: ?) CyberPsychotic (Feb 05)
- Re: Korea (was RE: ?) Paul Kincaid (Feb 01)
- Re: Korea (was RE: ?) Douglas Cho (Feb 08)