From owner-freebsd-isp Wed Apr 4 0:46:13 2001 Delivered-To: freebsd-isp@freebsd.org Received: from metva.com.au (metva.com.au [202.0.82.1]) by hub.freebsd.org (Postfix) with ESMTP id E6FA637B726 for ; Wed, 4 Apr 2001 00:46:05 -0700 (PDT) (envelope-from enno.davids@metva.com.au) Received: (from enno@localhost) by metva.com.au id RAA08839 for freebsd-isp@FreeBSD.ORG; Wed, 4 Apr 2001 17:45:48 +1000 (EST) From: Enno Davids Message-Id: <200104040745.RAA08839@metva.com.au> Subject: Chasing the kiddies (was: Named Keep crashing) To: freebsd-isp@FreeBSD.ORG Date: Wed, 4 Apr 2001 17:45:48 +1000 (EST) X-Mailer: ELM [version 2.4ME+ PL39 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org | > | > Is there any way to trace who is doing it? | > Running tcpdump with certain filter settings to avoid logging everything and filling the disk? | > | | Dont bother... Just install the fixed version of bind... | Every kid with a script and an internet connection is probably | doing this to you!!! | This response kind of bothers me. There was a time when everytime I could sanely trace spammers I emailed abuse@wherever.was.relevant to advise them. Similarly, when people probed Apache I'd send off adivsory emails. But only last weekend as I watched yet another clown with a cable modem perform the 1/2 hourly scan of my network for open RPC ports I wondered why I (and I presume others) were no longer doing this. Clearly the sheer volume of morons is one reason. Is anyone still doing this and getting satisfaction? There was a time when if you probed the Apache on my machine it winnuke'd you back. Moral issues aside, there _was_ a great deal of satisfaction there... Needless to say, there's little mileage in this now (damned M$ service packs!). :) Enno. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message