Security Incidents mailing list archives
Re: @home: Is *anyone* really home there???
From: ebrockway () EARTHLINK NET (Erick Brockway)
Date: Tue, 29 Feb 2000 19:38:33 -0800
Here's a complaint SOMEBODY will get soon. Somebody want to post a response that will work on ALL these requests? If I had a canned response I could head some of it off (a trickle maybe). Still using Wozz's original post as boilerplate. Erick -----Original Message----- From: Jazereel <jazereel () aol com> Newsgroups: comp.security.firewalls Date: Tuesday, February 29, 2000 1:11 PM Subject: Using Conseal & ZA-Would like to report this geek
Hi, I recently discovered Zone Alarm and it worked well. I then found Conseal,
and
I like it better. The problem is, Zone Alarm isn't notifying me any longer
of
attempted connections or intrusions. I'm just wondering, does anyone know
if
running the two programs can effectively disable the other? Also, I am getting at least 5-10 windows every time I'm signed on...several connection attempts, ICMP blocks...someone tried to send me NetBus the
other
day. Most of the windows say "IP address wants to talk to you" and I
simply
block it which creates a new rule. I'm no hacker guru, just trying to
protect
my privacy and PC. Conseal returns all the information regarding these attempts in....is there anyone out there on the Net who will handle such abuse? I'm a member of
AOL.
I contacted the Research Dept and was informed that unless this user
threatens
my life, they will not act on it. I can't believe there's such an open
black
hole to their member's pc's and they don't have a department which deals
with
intrusions. Any information regarding this would be greatly appreciated. Email is cool. :) Jaz
-----Original Message----- From: Wozz <wozz+incidents () WOOKIE NET> To: INCIDENTS () SECURITYFOCUS COM <INCIDENTS () SECURITYFOCUS COM> Date: Tuesday, February 29, 2000 12:18 PM Subject: Re: @home: Is *anyone* really home there???
On Mon, Feb 28, 2000 at 11:32:39AM -0500, Greg A. Woods wrote:[ On Friday, February 25, 2000 at 18:41:39 (-0700), Wozz wrote: ]Subject: Re: @home: Is *anyone* really home there??? I'm the head of the security department for a large nationwide cable modem provider that is in the exact same situation @home is. We get hundreds and hundreds of complaints a day, often times about how someone's "hacking" them, when in fact, someone misdirected a web browser in their direction.I've had words with the Jammer support folks to try and convince them that (a) this kind of event is not necessarily a "scan" of any type and it is most definitely not a "TCP port scan" when seen on its own, and (b) it's just as likely that the source address is forged, (c) to use a better choice of words and to avoid "hack" and "attack" and their derivatives, and finally (d) to include the IP number of the client at the time of the incident. Unfortunately I don't think I've had any success at convincing them to change anything at all.Jammer is the worst offender. Its gotten to the point where I'm ready to start ignoring Jammer reports, since i think i've had 1 out of maybe 2000 reports from Jammer state anything useful. I've also talked to them abotu this "port scan" message and never got a response.BTW everyone, I really really really detest the misuse of the words "attack" and "hacker" in any of these situations. Wozz put the word in quotes which is correct, but the Jammer folks don't and the Jammer subject line nearly drives me up the wall even before I read the messages! (Yes I manage my own stress level so as to avoid popping any important blood vessels over this! ;-)The overuse of these home "firewall" solutions is making overall security worse, IMHO. I spend a majority of my time at work filtering through stuff like this, and not spending time working on things that would actually
improve
security. Thankfully, I've just recently gotten approval to hire someone
to
just sit there and sift through all this junk for me.
Current thread:
- Re: CNET Hackers hit e-commerce site, (continued)
- Re: CNET Hackers hit e-commerce site Chris Davis (Mar 04)
- Port 65535 Murray, Mike (Mar 02)
- @home: Is *anyone* really home there??? (fwd) Light Of Day (Mar 04)
- Re: Port 65535 Pavel Kankovsky (Mar 04)
- Re: Port 65535 Murray, Mike (Mar 04)
- Re: Port 65535 Richard Bejtlich (Mar 04)
- Re: Port 65535 Keith Pachulski (Mar 06)
- Re: auto-reporting to ISPs wozz () LUVEWE BONCH ORG (Mar 02)
- Re: auto-reporting to ISPs Stuart Staniford-Chen (Mar 06)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Mar 02)
- Re: @home: Is *anyone* really home there??? William Annis (Mar 03)
- scans with spoofed address (was @home: Is *anyone*...) Russell Fulton (Mar 07)
- Re: @home: Is *anyone* really home there??? Ville (Mar 03)
- ingreslock message Dino Amato (Mar 05)
- Re: ingreslock message Graeme Fowler (Mar 07)