Date: Wed, 1 Mar 2000 13:16:32 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: cjclark@home.com
Cc: freebsd-security@freebsd.org
Subject: Re: @Home Server Scanner?
Message-ID: <Pine.BSF.4.10.10003011243200.10632-100000@bsdie.rwsystems.net>
In-Reply-To: <20000301113847.B37590@cc942873-a.ewndsr1.nj.home.com>

You aren't the only one who's swearing at it. 8{)

@Home had so many folks (users and cable companies) with security holes
installed (esp broken default WinGate settings!) that it reached critical
mass. When threatened with a UDP (UseNet Death Penalty where their news
peers would disconnect from them), they suddenly had a scanner working and
were cleaning up shop with a *big* mop. A lot of local cable companies had
NNTP proxies that were wide open - meaning zero-admin for them, but open
relays for spamming.

Various other holes have been exploited for DDoS purposes. Think of all
those Windows/Linux/etc machines out there with security holes, constant
decent connection, and eternal power as a Matrix for running a DDoS
simulation or DES keyspace carve-up-and-crack... I've gotta watch
that movie again... (^_^)

I applaud their efforts to tighten their affiliates' infrastructures and
the great numbers of client machines. Now if we can get the DSL ISPs to
check once in a while or look for attacks, we'll all be better off. - Jy@

On Wed, 1 Mar 2000, Crist J. Clark wrote:
> I appear to be scanned regularly by an @Home host,
>
> Name: ops-scan.home.net
> Address: 24.0.94.130
>
> It has been scanning my NNTP (119) port several times a day since the
> beginning of February. Previous to that, it liked to check my HTTP
> port (80) several times a day. That behavior dates to when I started
> logging on the firewall in January.
>
> Anyone know anything about that host? Any other @Home users seeing
> this too? My assumption is that it is @Home scanning for "illegal"
> servers on their network.
>
> This machine has earned a,
>
> deny log ip from 24.0.94.130 to any
>
> In my firewall for now.
> --
> Crist J. Clark cjclark@home.com
