From owner-freebsd-security Tue Oct 13 13:18:39 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA14961 for freebsd-security-outgoing; Tue, 13 Oct 1998 13:18:39 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA14956 for ; Tue, 13 Oct 1998 13:18:36 -0700 (PDT) (envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id PAA03453; Tue, 13 Oct 1998 15:17:55 -0500 (CDT)
Received: from harkol-2.isdn.mke.execpc.com(169.207.64.130) by peak.mountin.net via smap (V1.3) id sma003451; Tue Oct 13 15:17:41 1998
Message-Id: <3.0.3.32.19981013150653.01019394@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Tue, 13 Oct 1998 15:06:53 -0500
To: Brett Glass, Darren Reed, grimace@ns.nternet.net (grimace)
From: "Jeffrey J. Mountin"
Subject: Re: Spoofed connections on port 13223??
Cc: security@FreeBSD.ORG
In-Reply-To: <4.1.19981013100624.041b8760@mail.lariat.org>
References: <199810131024.DAA04862@hub.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:06 AM 10/13/98 -0600, Brett Glass wrote to Darren Reed:
>CERT? Don't bother. They'll respond several months after it's too late
>and say, "Oh, dear."
>
>--Brett
>
>
>At 08:23 PM 10/13/98 +1000, Darren Reed wrote:
>
>>People, I can understand wanting to bring it to an informal forum, but
>>if you seriously think you are under attack then you should contact the
>>relevant CERT and talk with them about it. It may be that what you're
>>seeing is part of a "bigger picture" that you can't see.
>>
>>Darren

While it may be true that they will take a while to get back to you, at least it will add to their information and may help others when summaries are issued.

If you read what they have on:

http://www.cert.org/tech_tips/incident_reporting.html

----
A. You may receive technical assistance.

A primary part of our mission is to provide a reliable, trusted, 24-hour, single point of contact for security emergencies involving the Internet. We facilitate communication among experts working to solve security problems and serve as a central point for identifying and correcting vulnerabilities in computer systems.

When you report an incident to us, we can provide pointers to technical documents, offer suggestions on recovering the security of your systems, and share information about recent intruder activity. In our role as a coordination center, we may have access to information that is not yet widely available to assist in responding to your incident.

Unfortunately, our limited resources and the increasing number of incidents reported to us may prevent us from responding to each report individually. We must prioritize our responses to have the greatest impact on the Internet community.
----

Rather explicit, but then *they* are not responsible for the security of *your* system.

I need to file a report for a recent probe, especially since there has been no response and it produced an unusual error in my SMTP daemon (custom). The activity stopped before the message was sent, but an explanation is in order.

I for one don't expect any help, but whatever they did wasn't even close to compromising the daemon.

And the form:

ftp://ftp.cert.org/pub/incident_reporting_form

Time to file one.

Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message