Security Incidents mailing list archives
RE: ano () ano com ftpd dip.t-dialin.net
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 8 Nov 2002 09:04:01 -0800
In my previous position, over half of our attempts to hack in via FTP were coming from addresses managed by t-dialin.net. After the Nth time their admins claimed that the offending user would be "found and warned", with NO reduction in such traffic, I was able to make it go away by blackholing their address blocks. We weren't getting any other traffic from them, so this was no problem. [The only time one of these probes ever found a server that would accept an anonymous connection, we fixed that before it actually got exploited. So it was more the annoyance of daily IDS alarms than any substantive threat to the network.] Dave Gillett ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ano () ano com ftpd dip.t-dialin.net Owen McCusker (Nov 06)
- Re: ano () ano com ftpd dip.t-dialin.net Ralf G. R. Bergs (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Rainer Duffner (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Dave Laird (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net TOK (Nov 08)
- RE: ano () ano com ftpd dip.t-dialin.net David Gillett (Nov 08)
- Re: ano () ano com ftpd dip.t-dialin.net Ralf G. R. Bergs (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Skip Carter (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Moo (Nov 07)
- RE: ano () ano com ftpd dip.t-dialin.net Bojan Zdrnja (Nov 09)
- RE: ano () ano com ftpd dip.t-dialin.net Rick Darsey (Nov 07)
- Re: ano () ano com ftpd dip.t-dialin.net Valdis . Kletnieks (Nov 07)
- <Possible follow-ups>
- RE: ano () ano com ftpd dip.t-dialin.net Owen McCusker (Nov 12)