nanog mailing list archives

Re: Operational impact of filtering SMB/NETBIOS traffic?


From: "Jeremy T. Bouse" <undrgrid () toons UnderGrid net>
Date: Mon, 20 Nov 2000 00:12:34 -0500

David Avery was said to have been seen saying:

I would hope leased line/colo machines would be better set up, but I am probably
dreaming.

        One would think this to be true but I have found it quite often to
be the opposite... I've had to deal with countless intrusion attempts against
our network only to find that the box attacking me had been owned by some
script kiddie on the net because the admin of the box had failed to secure
it before placing it online... I've found this to be true with school
districts (had one in Colorado several weeks ago) and commercial companies
(had a company in Dallas, TX right after the school district incident)...
In fact in the case of the Colorado school district attempt I had the 
admin tell me he had only put the machine online on Thursday, however by
Sunday I had already recorded attempts from it... 

Just for reference I am one of the net/security admins at distributed.net
and there are a number of win* worms running around in the wild carrying
the distributed.net client as part of their payload.

So far in the past 3 months (since the worms appeared) I have logged
over 400,000 unique IP addresses returning data to distributed.net
from installs created by the worms. We have spot checked a number of
these IPs and find win9x boxes with open C shares and signs of multiple
infestations including QAZ and other DDoS payloads.

        This would not surprise me at all... I've noticed quite a few
QAZ style signature attempts coming from repeated Cable & Wireless IP blocks
recently... As I'm on a C&W backbone I'm routinely scan'd by other C&W
IPs which have been infect'd and some have even been from clients of my
own ISP...

        Respectfully,
        Jeremy T. Bouse
        UnderGrid Network Services, LLC

-- 
,-----------------------------------------------------------------------------,
| Jeremy T. Bouse  -  UnderGrid Network Services, LLC  -   www.UnderGrid.net  |
|       All messages from this address should be atleast PGP/GPG signed       |
|        Public PGP/GPG fingerprint and location in headers of message        |
|     If received unsigned (without requesting as such) DO NOT trust it!      |
| undrgrid () UnderGrid net  -  NIC Whois: JB5713  -  Jeremy.Bouse () UnderGrid net |
`-----------------------------------------------------------------------------'
