RE: AOL hackings

["Jonathan A. Zdziarski" <jonathan () cafejesus com>]

what annoys me isn't the number of hacks from AOL, it's the fact that their
abuse department is always slow to respond and sometimes, doesn't do
anything.  Looks like some other folks on this list have the same problem.
Hacks in themselves are nothing more than an annoyance, but it's insulting
when the ISP doesn't do anything about it.  At least this way they could be
lazy since packets wouldn't come through.

As for AOL users being technically inefficient, I'm sure there are some
geniuses using AOL, but the fact that my servers are still running says they
can't be the brightest black hats out there.

-----Original Message-----
From: Lampe, John W. [mailto:JWLAMPE () GAPAC com]
Sent: Thursday, August 02, 2001 4:40 PM
To: 'Jonathan A. Zdziarski '; 'incidents () securityfocus com '
Subject: RE: AOL hackings


Despite the fact that AOL is one of the larger ISP's (largest?), I only get
a handful of scans from their blocks...Their track record is better than
most...Are you presuming that AOL users are not technically efficient, and
hence shouldn't be scanning anyone's machine?

If I'm going to gripe about ISP's, there are some other big ones out there
which regularly contribute to my IDS logs week after week on a much larger
scale than AOL ever has....

John Lampe


-----Original Message-----
From: Jonathan A. Zdziarski
To: Seung Kevin; incidents () securityfocus com
Sent: 8/2/01 2:49 PM
Subject: RE: AOL hackings

OK so if this is happening to everyone why can't AOL put some poilcies
in
place to prevent port scans and other nuissances? AOL, being mostly a
content provider rather than an ISP, should be able to block outgoing
packets targeted to most ports, no? What does the average AOL user need:
80,
21, 22, 23 (eek), 6667-7777, 110, 443, and maybe a handful of
others...looking at my logs it's obvious they're not blocking many or
any
ports at all.   I miss the days when AOL wasn't wired directly to the
internet.

-----Original Message-----
From: Seung Kevin [mailto:kseung () buckconsultants com]
Sent: Thursday, August 02, 2001 2:45 PM
To: 'Jonathan A. Zdziarski'; incidents () securityfocus com
Subject: RE: AOL hackings



Yes, this has happen to us a few times.


        -----Original Message-----
        From:   Jonathan A. Zdziarski [SMTP:jonathan () cafejesus com]
        Sent:   Thursday, August 02, 2001 10:16 AM
        To:     incidents () securityfocus com
        Subject:        AOL hackings

        I've noticed some user[s] from AOL have been running port scans
on
our
        systems, and even tried to make SSH connections to our boxes
(which
are
        libwrapped).  Just wondering if anyone else is experiencing this
from AOL's
        network.




------------------------------------------------------------------------
----
        This list is provided by the SecurityFocus ARIS analyzer
service.
        For more information on this free incident handling, management
        and tracking system please see: http://aris.securityfocus.com
*****************************************************************
DISCLAIMER:   The information contained in this e-mail may be
confidential
and is intended solely for the use of the named addressee.  Access,
copying
or re-use of the e-mail or any information contained therein by any
other
person is not authorized.  If you are not the intended recipient please
notify us immediately by returning the e-mail to the originator.




------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com