From owner-freebsd-stable Thu Dec 27 19:19:16 2001 Delivered-To: freebsd-stable@freebsd.org Received: from dsl092-161-075.wdc1.dsl.speakeasy.net (dsl092-161-075.wdc1.dsl.speakeasy.net [66.92.161.75]) by hub.freebsd.org (Postfix) with SMTP id 8CE9937B405 for ; Thu, 27 Dec 2001 19:19:10 -0800 (PST) Received: (qmail 95957 invoked by uid 1003); 28 Dec 2001 03:33:34 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 28 Dec 2001 03:33:34 -0000 Date: Thu, 27 Dec 2001 22:33:34 -0500 (EST) From: Jerome Jahnke X-Sender: jahnke@dsl092-161-075.wdc1.dsl.speakeasy.net To: Peter Ong Cc: "Julien B." , freebsd-stable@FreeBSD.ORG Subject: Re: Trying NT Hacks In-Reply-To: <018901c18f4c$22402480$0101a8c0@haloflightleader.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I think they just start from their own IP number and work their way up and down. I still use dialup, my router dials in and connects my network. I have a small job which lets me know what IP Address my network is on and I only let port 80 through my firewall. I still get 10 or so of these a day. Very often they are from same top level IP space as my dialup provider, which tends to make me think the sowftware was written to start with it's own address and work it way out. Jer, On Thu, 27 Dec 2001, Peter Ong wrote: > Really... I just wonder how they figure out the IPs, other than randomly > guessing. Someone did mention that, and I guess there really aren't that > many IP addresses that a computer could randomly generate in a short amount > of time without covering the whole spectrum. > > Peter > ----- Original Message ----- > From: "Julien B." > To: "Peter Ong" > Cc: > Sent: Thursday, December 27, 2001 6:57 PM > Subject: Re: Trying NT Hacks > > > > On Thu, Dec 27, 2001 at 06:39:58PM -0800, Peter Ong wrote: > > > I don't know what it is with some people. I post my site here today > because > > > I was wondering about why the initial page was gibberrish, and then I > get > > > crackers. I finally get home, and I'm reviewing my log files, and I'm > > > seeing some folks trying to use IIS/NT exploits on my FreeBSD machine. > It's > > > infuriating. > > > > > > > My logs are full of these too, and getting bigger and bigger everyday. > Most of > > these "attacks" comes from some Windows worms. I'm totally amazed through, > as > > i get one such connection every 10 minuts, and my web server is not even > > public. > > > > Regards > > > > Julien B > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message