Security Incidents mailing list archives

Re: ano () ano com ftpd dip.t-dialin.net


From: TOK <skybound () inbox lv>
Date: 08 Nov 2002 07:40:09 +0100

On Don, 2002-11-07 at 17:52, Dave Laird wrote:
> Good morning, everyone...
> ...
> Another possible alternative, at least if you are using Linux running IPTables
> is to move your FTP server *inside* the firewall, to an internal IP of your
> choosing and severely constrain access to it using a well-chosen IPTables
> script. Of course, if you are as road-weary as I am of the games that
> dip.t-dialin.net users have attempted in the past, simply firewall them
> entirely by their IPs. It's crude, it's rude, and perhaps not even good
> policy, but it certainly cuts down the volume of spurious traffic of all kinds.
> [Standard Disclaimer] "Of course, I could be *WRONG* about anything I say,
> but then I learned everything I know about networking from a pragmatic
> wizard."
>
> Dave
> --
> Dave Laird (dlaird () kharma net)
> The Used Kharma Lot
                  
did you know that (practically) all Telekom users don't have a static
IP? dialin and ADSL line IPs are chosen from quite large pools, during
the last week my box got IPs within 80.134/16, 217.226/16 and 217.84/16.
lines sold to companies or high end DSL may include a static IP, but
anyone doing ~funny~ stuff through one of these would be worse than a
script kid.

so by blocking single IPs, you'll block anyone (but no one specific) and
only dropping all packets from all Telekom subnets (to that service)
will have the desired effect.
if you're advising to do such, to get rid of some warez guys probing for
anon ftp, i'd like to comment, that imho you are breaking a butterfly on
a wheel. 

concerning the username (other posts), google shows:
a) ano may be a valid email (www.ano.com exists)
b) can be found in ftpd logs all over the world
c) besides it is quicker to type than anonymous and easily recognizable
   as valid email == passwd
probably no conspiracy here ;-(
                         
best regards,
tok
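
An added example, not part of the original post: a small check a defender can run over ftpd logs to see the effect described above, where the same anonymous-login pattern arrives from ever-changing addresses in a few large pools. The wu-ftpd style log format, the sample lines and hostnames are constructed for illustration; the password is the address from the thread subject and the /16 prefixes are the ones named in the post.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed wu-ftpd style syslog format:
#   "... ANONYMOUS FTP LOGIN FROM host [ip], password"
LOGIN_RE = re.compile(
    r"ANONYMOUS FTP LOGIN FROM (\S+) \[(\d+\.\d+\.\d+\.\d+)\], (\S+)")

# Constructed sample lines (not real log data).
SAMPLE_LOG = """\
Nov  1 03:12:44 ftp ftpd[811]: ANONYMOUS FTP LOGIN FROM p50860a11.dip.t-dialin.net [80.134.10.17], ano@ano.com
Nov  2 04:01:09 ftp ftpd[902]: ANONYMOUS FTP LOGIN FROM pd9e2c803.dip.t-dialin.net [217.226.200.3], ano@ano.com
Nov  3 02:47:31 ftp ftpd[955]: ANONYMOUS FTP LOGIN FROM pd9540c2d.dip.t-dialin.net [217.84.12.45], ano@ano.com
Nov  4 09:15:02 ftp ftpd[977]: ANONYMOUS FTP LOGIN FROM client.example.org [192.0.2.10], mozilla@
Nov  5 03:30:18 ftp ftpd[1010]: ANONYMOUS FTP LOGIN FROM p5086c905.dip.t-dialin.net [80.134.201.5], ano@ano.com
Nov  6 05:22:57 ftp ftpd[1043]: ANONYMOUS FTP LOGIN FROM pd9e24d58.dip.t-dialin.net [217.226.77.88], ano@ano.com
"""

def anon_logins(log_text, password="ano@ano.com"):
    """Source IPs of anonymous logins that supplied the given password."""
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m and m.group(3) == password:
            hits.append(ipaddress.ip_address(m.group(2)))
    return hits

def group_by_prefix(ips, prefixlen=16):
    """Map each covering network (as a string) to the set of IPs seen in it."""
    groups = defaultdict(set)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        groups[str(net)].add(str(ip))
    return dict(groups)

def repeat_sources(ips):
    """IPs seen more than once: the only hits a per-IP block would stop."""
    counts = Counter(str(ip) for ip in ips)
    return {ip for ip, n in counts.items() if n > 1}

if __name__ == "__main__":
    hits = anon_logins(SAMPLE_LOG)
    for net, members in sorted(group_by_prefix(hits).items()):
        print(f"{net}: {len(members)} distinct source(s)")
    print("repeat sources:", sorted(repeat_sources(hits)) or "none")
```

On the sample, every matching login comes from a different address, so a blocklist of single IPs built from earlier days stops none of the later ones, while all five fall inside three /16 pools.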

