Security Incidents mailing list archives
Re: ano () ano com ftpd dip.t-dialin.net
From: TOK <skybound () inbox lv>
Date: 08 Nov 2002 07:40:09 +0100
On Don, 2002-11-07 at 17:52, Dave Laird wrote:
> Good morning, everyone...
> ...
> Another possible alternative, at least if you are using Linux running
> IPTables is to move your FTP server *inside* the firewall, to an internal
> IP of your choosing and severely constrain access to it using a
> well-chosen IPTables script. Of course, if you are as road-weary as I am
> of the games that dip.t-dialin.net users have attempted in the past,
> simply firewall them entirely by their IPs. It's crude, it's rude, and
> perhaps not even good policy, but it certainly cuts down the volume of
> spurious traffic of all kinds.
>
> [Standard Disclaimer] "Of course, I could be *WRONG* about anything I
> say, but then I learned everything I know about networking from a
> pragmatic wizard."
>
> Dave
> --
> Dave Laird (dlaird () kharma net)
> The Used Kharma Lot

did you know that (practically) all Telekom users don't have a static IP? dialin and ADSL line IPs are chosen from quite large pools, during the last week my box got IPs within 80.134/16, 217.226/16 and 217.84/16. lines sold to companies or high end DSL may include a static IP, but anyone doing ~funny~ stuff through one of these would be worse than a script kid.

so by blocking single IPs, you'll block anyone (but no one specific) and only dropping all packets from all Telekom subnets (to that service) will have the desired effect. if you're advising to do such, to get rid of some warez guys probing for anon ftp, i'd like to comment, that imho you are breaking a butterfly on a wheel.

concerning the username (other posts), google shows:

a) ano may be a valid email (www.ano.com exists)
b) can be found in ftpd logs all over the world
c) besides it is quicker to type than anonymous and easily recognizable as valid email == passwd

probably no conspiracy here ;-(

best regards,
tok

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
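The point about dynamic pools can be checked against an ftpd log. The following is an added example, not part of the original post or thread: it replays anonymous logins and compares a per-IP blocklist with a block on the three /16 pools named above. The log layout (wu-ftpd-style syslog lines), the hostnames and the individual addresses are constructed assumptions.

```python
import ipaddress
import re

# Pools named in the post (ranges the poster's own line drew addresses from).
POOLS = [ipaddress.ip_network(n) for n in
         ("80.134.0.0/16", "217.226.0.0/16", "217.84.0.0/16")]

# Constructed sample lines; the wu-ftpd-style layout is an assumption.
SAMPLE_LOG = """\
Nov  4 03:12:44 ftp ftpd[811]: ANONYMOUS FTP LOGIN FROM a.dip.t-dialin.net [80.134.17.20], ano@ano.com
Nov  5 02:58:10 ftp ftpd[902]: ANONYMOUS FTP LOGIN FROM b.dip.t-dialin.net [217.226.40.9], ano@ano.com
Nov  6 04:01:37 ftp ftpd[977]: ANONYMOUS FTP LOGIN FROM c.dip.t-dialin.net [217.84.201.77], ano@ano.com
Nov  6 09:30:02 ftp ftpd[990]: ANONYMOUS FTP LOGIN FROM mirror.example.org [192.0.2.15], user@example.org
Nov  7 03:20:55 ftp ftpd[1033]: ANONYMOUS FTP LOGIN FROM d.dip.t-dialin.net [80.134.230.4], ano@ano.com
"""

LOGIN_RE = re.compile(r"ANONYMOUS FTP LOGIN FROM \S+ \[([0-9.]+)\], (\S+)")


def parse_logins(text):
    """Return (ip, password) for every anonymous login line, in log order."""
    return [(ipaddress.ip_address(m.group(1)), m.group(2))
            for m in LOGIN_RE.finditer(text)]


def replay(logins, password="ano@ano.com"):
    """Replay logins in order and count what each policy would have stopped.

    per-IP: an address is blocked only after it has been seen once.
    pool:   every address inside POOLS is dropped from the start.
    """
    seen, per_ip_hits, pool_hits, total = set(), 0, 0, 0
    for ip, pw in logins:
        if pw != password:
            continue
        total += 1
        if ip in seen:              # per-IP rule only fires on a repeat address
            per_ip_hits += 1
        seen.add(ip)
        if any(ip in net for net in POOLS):
            pool_hits += 1
    return {"probes": total, "per_ip_blocked": per_ip_hits,
            "pool_blocked": pool_hits}


def collateral(pools=POOLS):
    """Number of addresses a pool-wide drop rule covers."""
    return sum(net.num_addresses for net in pools)


if __name__ == "__main__":
    print(replay(parse_logins(SAMPLE_LOG)))
    print("addresses dropped by pool block:", collateral())
```

The three prefixes are only the ones the poster reports seeing in one week, so a real rule set would need the provider's full list of ranges, and the collateral figure grows accordingly.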