Security Incidents mailing list archives

RE: ano () ano com ftpd dip.t-dialin.net

From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 8 Nov 2002 09:04:01 -0800

  In my previous position, over half of our attempts to
hack in via FTP were coming from addresses managed by 
t-dialin.net.  After the Nth time their admins claimed that
the offending user would be "found and warned", with NO
reduction in such traffic, I was able to make it go away
by blackholing their address blocks.  We weren't getting any
other traffic from them, so this was no problem.

  [The only time one of these probes ever found a server
that would accept an anonymous connection, we fixed that
before it actually got exploited.  So it was more the annoyance
of daily IDS alarms than any substantive threat to the network.]

Dave Gillett





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

ano () ano com ftpd dip.t-dialin.net Owen McCusker (Nov 06)
- Re: ano () ano com ftpd dip.t-dialin.net Ralf G. R. Bergs (Nov 07)
  - Re: ano () ano com ftpd dip.t-dialin.net Rainer Duffner (Nov 07)
  - Re: ano () ano com ftpd dip.t-dialin.net Dave Laird (Nov 07)
    - Re: ano () ano com ftpd dip.t-dialin.net TOK (Nov 08)
    - RE: ano () ano com ftpd dip.t-dialin.net David Gillett (Nov 08)
- Re: ano () ano com ftpd dip.t-dialin.net Skip Carter (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Moo (Nov 07)
  - RE: ano () ano com ftpd dip.t-dialin.net Bojan Zdrnja (Nov 09)
- RE: ano () ano com ftpd dip.t-dialin.net Rick Darsey (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Valdis . Kletnieks (Nov 07)
- <Possible follow-ups>
- RE: ano () ano com ftpd dip.t-dialin.net Owen McCusker (Nov 12)