Date: Mon, 23 Apr 2001 12:01:53 -0400 (EDT)
From: Michael S Scheidell <scheidell@Cerintha.com>
To: freebsd-security@freebsd.org
Subject: Re: Connection attempts
Message-ID: <200104231601.f3NG1rt45478@caerulus.cerintha.com>
In-Reply-To: <Pine.BSF.4.21.0104231526270.27876-100000@w2xo.int>
References: <200104231229.f3NCTk939079@caerulus.cerintha.com> <Pine.BSF.4.21.0104231526270.27876-100000@w2xo.int>

In local.freebsd.security, you wrote:
>I don't know what you folks' experience has been, but I've had
>almost no luck with alerting ISPs to these problems. A lot of
>this stuff comes from Korea and Czechoslovakia and I get no
>responses from the ISPs.

I use mynetwatchman. It's kinda like spamcop for hackers.

Depending on the port number and/or number of different people he gets attacked from, he will alert the ISP on 'first contact' (port 111, 515, some of the Windows trojan ports, like subseven or netbus).

He has contacts in Korea, so I don't have to track them down and lart the ISP.

I can go to the web site and see the status of 'alerts' and escalated attacks in the last 24 hrs. I can punch in a suspect IP address and see if it was just me or others that got attacked.

There are replies back from many ISPs and 'victims' that let us know that 'thank you for reporting that', our client system was hacked into and he didn't even know it was being used to attack others.

What you are doing (at least a little) is removing compromised systems by alerting the owners. These compromised systems are used to further attack and hack (see news stories on the escalation between US and Chinese hackers on the security lists).

So, if there is a 2% response back, with no effort on my part but to install the ipfw per scripts, at least that's 2%.