Firewall Wizards mailing list archives

RE: Scans Observed by Officer Friendly


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 20 May 1999 08:54:29 -0500 (CDT)


It's a shame things have gotten to be the way they are now.  I suspect
that if you had something on your system to log all the trash that was
tossed your way that you would have seen that far more ports were being
probed and prodded, at least until they found the ones you have open for
fake replies.  Of course, I tend to feel that by running something like
'Officer Friendly', one is inviting more than mere probes and encouraging
folks to 'stick around' longer.  Kinda like leaving the garage door open
with tons of neat stuff inside to 'fiddle' with, if there was nothing
there, most move on to probe someplace else.  Though it's hard to find the
info, I've found what hits home fastest is when a raw newbie probes and I
get an e-mail address, that I not only e-mail the abuse@ folks, but also
include their e-mail address in the complaint.  Damned little runts start
to crap bricks, and I've logged all sorts of apologies and 'mistakes' <as
they have claimed>.  As I've said in the past, it's discouraging.  I one
time a short while ago succeeded in getting 7 accounts and a website taken
down, the admins in question were great in letting me know what was up,
and who was responsible for damages.  We let the damages slide though,
perhaps a BIG mistake, for less than a month later all accounts had moved
to new sites and the web site is back up again also.  Not to mention that
the client I was connected with at the same time canceled our arrangement
cause they felt they had been 'exposed' by the complaints lodged on both
our behalf.

Thanks,

Ron DuFresne


On Wed, 19 May 1999, Aaron Lewter wrote:

It is not just Austin, I was hit from 24.93.78.181 which resolves to
clt78-181.carolina.rr.com. Some PFY tried to open my hard drive for his
amusement.

I'm just glad I have BOF to do the fake replies for me and log it, or else I
might have been in for a long strange trip.

So I guess my question is, are we supposed to stand for this and report them
to whoevercares () domain com or welcome the new playmate?

Aaron Lewter
Director of Technical Services
MS Computers Inc.
954-424-8004

-----Original Message-----
From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]
On Behalf Of R. DuFresne
Sent: Tuesday, May 18, 1999 9:11 AM
To:   Darren Reed
Cc:   rgrimsha () mailbox syr edu; firewall-wizards () nfr net
Subject:      Re: Scans Observed by Officer Friendly

On Tue, 18 May 1999, Darren Reed wrote:

In some email I received from Randy Grimshaw, sie wrote:

Where would the address 24.93.46.49 be coming from?

24.* are typically cable-internet blocks of IP addresses.


Name:    cs9346-49.austin.rr.com
Address:  24.93.46.49


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


