From owner-freebsd-security Wed Apr 25 3:27:32 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail1.svr.pol.co.uk (mail1.svr.pol.co.uk [195.92.193.18]) by hub.freebsd.org (Postfix) with ESMTP id 97B8637B423 for ; Wed, 25 Apr 2001 03:27:28 -0700 (PDT) (envelope-from lee@kechara.net) Received: from [195.92.198.123] (helo=mail17.svr.pol.co.uk) by mail1.svr.pol.co.uk with esmtp (Exim 3.13 #0) id 14sMW1-0005Hv-00 for freebsd-security@freebsd.org; Wed, 25 Apr 2001 11:27:21 +0100 Received: from modem-68.ainur.dialup.pol.co.uk ([62.136.100.68] helo=itchy.kechara.org) by mail17.svr.pol.co.uk with esmtp (Exim 3.13 #0) id 14sMW6-0007BF-00 for freebsd-security@freebsd.org; Wed, 25 Apr 2001 11:27:26 +0100 Received: from itchy (bart.kechara.org [192.168.1.2]) by itchy.kechara.org (8.8.8/8.8.8) with SMTP id NAA29875; Thu, 22 Jun 2000 13:18:09 +0100 Date: Sat, 21 Apr 2001 10:23:18 +0100 From: Lee Smallbone X-Mailer: The Bat! (v1.18 Christmas Edition) S/N 3FDB2AD8 Reply-To: Lee Smallbone Organization: Kechara Internet X-Priority: 3 (Normal) Message-ID: <7432.010421@kechara.net> To: Jim Durham Cc: freebsd-security@freebsd.org Subject: Re[2]: Connection attempts References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello Jim, Monday, 23 April 2001, you wrote: JD> On Mon, 23 Apr 2001, Michael S Scheidell wrote: >> In local.freebsd.security, you wrote: >> > >> >Script kiddies..just ignore it and get used to it. >> >> I don't suggest ignoring the 'kiddies' that walk down the street trying to >> see if my windows are open either. >> >> 80% of these systems have bveen compromized, and the owner doesn't even >> know it. >> >> Wouldn't you like to take these systems off the net? >> You want one of them to run against your system (if you miss a security >> bulitin?) >> >> its easy enough to log and alert the isp. >> >> JD> I don't know what you folks' experience has been, but I've had JD> almost no luck with alerting ISPs to these problems. A lot of JD> this stuff comes from Korea and Chekoslovokia and I get no JD> responses from the ISPs. You should see my intrusion database... 93% from Korea, Taiwan and the likes. The rest from interesting places such as Hungaria. There is never any response from ISPs. Solution a) grin and bare it (is that really a solution though?). Solution b) actively firewall connections from these places (blanket bans are never a great idea though.) Solution c) anyone? This could make for an interesting debate. Best regards, Lee Smallbone lee@kechara.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message