Security Incidents mailing list archives

Re: find_ddos results


From: J C Lawrence <claw () KANGA NU>
Date: Sat, 18 Nov 2000 09:49:37 -0800

On Wed, 15 Nov 2000 13:59:05 -0800
Ryan Russell <ryan () SECURITYFOCUS COM> wrote:

You mentioned a campus security guy... who apparently declined to
check out what is likely a hacked box on his net.  Is information
security his primary job there?

The system crack rate for student boxes at most colleges I have
talked to has been so high that the local IS/security staff are only
willing to spend time on securing the devices and services for which
they are personally responsible.

Sample statistic: I have a friend who was a prof at UNewMexico.  He
says that he averaged just over 300 portscans per day on his desktop
(detected with PortSentry and Snort), usually with several score
attempted remote exploits thrown in for good measure (wu-ftpd, rpc,
etc).  Tracking such attempts down was obscenely difficult as you
instantly ran into a maze of compromised boxes, none of which kept
even reasonable system logs (as if you could trust them).

Heck, attacks bounced thru open SOCKS proxies are already difficult
enough to track down.

--
J C Lawrence                                       claw () kanga nu
---------(*)                        : http://www.kanga.nu/~claw/
--=| A man is as sane as he is dangerous to his environment |=--

