Security Incidents mailing list archives
Re: ano () ano com ftpd dip.t-dialin.net
From: Dave Laird <dlaird () kharma net>
Date: Thu, 7 Nov 2002 08:52:18 -0800
Good morning, everyone... On Wednesday 06 November 2002 11:54 pm, Ralf G. R. Bergs wrote:
On Wed, 06 Nov 2002 16:50:13 -0500, Owen McCusker wrote:
Has anyone else seen this type of activity from dip.t-dialin.net or dipsters for short. ;-)?Sure, I see it all day. What they're trying to achieve is determine whether you have an "open" FTP server which allows them to store "warez" and download them again. A simple countermeasure against this is to give files that are uploaded to your "incoming" directory permissions so that anonymous users can't access them anymore. You can even prohibit them from reading the directory's contents so that they don't even see which files are stored inside the directory.
Another possible alternative, at least if you are using Linux running IPTables is to move your FTP server *inside* the firewall, to an internal IP of your choosing and severely constrain access to it using a well-chosen IPTables script. Of course, if you are as road-weary as I am of the games that dip.t-dialin.net users have attempted in the past, simply firewall them entirely by their IP's. It's crude, it's rude, and perhaps not even good policy, but it certain cuts down the volume of spurious traffic of all kinds. [Standard Disclaimer] "Of course, I could be *WRONG* about anything I say, but then I learned everything I know about networking from a pragmatic wizard." Dave -- Dave Laird (dlaird () kharma net) The Used Kharma Lot Fortune Random Thought For the Minute This screen intentionally left blank. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ano () ano com ftpd dip.t-dialin.net Owen McCusker (Nov 06)
- Re: ano () ano com ftpd dip.t-dialin.net Ralf G. R. Bergs (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Rainer Duffner (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Dave Laird (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net TOK (Nov 08)
- RE: ano () ano com ftpd dip.t-dialin.net David Gillett (Nov 08)
- Re: ano () ano com ftpd dip.t-dialin.net Ralf G. R. Bergs (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Skip Carter (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Moo (Nov 07)
- RE: ano () ano com ftpd dip.t-dialin.net Bojan Zdrnja (Nov 09)
- RE: ano () ano com ftpd dip.t-dialin.net Rick Darsey (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Valdis . Kletnieks (Nov 07)
- <Possible follow-ups>
- RE: ano () ano com ftpd dip.t-dialin.net Owen McCusker (Nov 12)