From owner-freebsd-security Mon Apr 23 9: 2: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from caerulus.cerintha.com (caerulus.cerintha.com [207.18.92.26])
	by hub.freebsd.org (Postfix) with ESMTP id DD74F37B424
	for ; Mon, 23 Apr 2001 09:01:55 -0700 (PDT)
	(envelope-from scheidell@Cerintha.com)
Received: (from scheidell@localhost)
	by caerulus.cerintha.com (8.11.3/8.11.3) id f3NG1rt45478;
	Mon, 23 Apr 2001 12:01:53 -0400 (EDT)
Date: Mon, 23 Apr 2001 12:01:53 -0400 (EDT)
From: Michael S Scheidell
Message-Id: <200104231601.f3NG1rt45478@caerulus.cerintha.com>
To: freebsd-security@freebsd.org
Subject: Re: Connection attempts
In-Reply-To:
References: <200104231229.f3NCTk939079@caerulus.cerintha.com>
Reply-To: scheidell@fdma.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In local.freebsd.security, you wrote:
>I don't know what you folks' experience has been, but I've had
>almost no luck with alerting ISPs to these problems. A lot of
>this stuff comes from Korea and Czechoslovakia and I get no
>responses from the ISPs.

I use mynetwatchman. It's kinda like spamcop for hackers.

Depending on the port number and/or number of different people he gets attacked from, he will alert the ISP on 'first contact' (port 111, 515, some of the Windows trojan ports, like subseven or netbus).

He has contacts in Korea; I don't have to track them down and lart the ISP.

I can go to web site and see status of 'alerts' and escalated attacks in last 24 hrs. I can punch in a suspect IP address and see if it was just me or others that got attacked.

There are replies back from many ISPs and 'victims' that let us know that 'thank you for reporting that' our client system was hacked into and he didn't even know it was being used to attack others.

What you are doing (at least a little) is removing compromised systems by alerting the owners. These compromised systems are used to further attack and hack (see news stories on the escalation between us and Chinese hackers on the security lists).

So, if there is a 2% response back, with no effort on my part but to install the ipfw per scripts, at least that's 2%.