[wplug] Breakin attempts against the nobody account
Zachary Uram
netrek at gmail.com
Mon Mar 28 15:04:18 EST 2005
As I a dialup-user I can relate to that. Sometimes my standard
deviation jumps up to higher than my lag and I see packet loss jump
from 0% to 3%. When I check the firewall it shows usually ICMP or UDP
hits. My log just had ips so I not sure where they originate. I have
noticed a lot of of spam from Taiwan, Korea and Hong Kong. They seem
to be very persistent. I got the same spam every day for over a year
from some moron in Korea. He kept forging the header every time. I
read in cases of DoS attacks that often an ISP will still suffer
overhead on their router/firewall/IDS because the upstream ISP or
backbone will refuse to apply rules on their router to block the
attacks. Could someone explain why this is? Maybe if they were held
legally responsible they'd be a bit more proactive in mitigation!
Zach
On Mon, 28 Mar 2005 12:37:54 -0500, Vanco, Don <don.vanco at agilysys.com> wrote:
> >-----Original Message-----
> >From: wplug-bounces+don.vanco=agilysys.com at wplug.org
> >[mailto:wplug-bounces+don.vanco=agilysys.com at wplug.org] On
> >Behalf Of Chris Ott
> >Sent: Monday, March 28, 2005 11:56 AM
> >To: General user list
> >Subject: Re: [wplug] Breakin attempts against the nobody account
> >
> >
> >
> >John Harrold wrote:
> >>
> >> Zombies or not, they are operating on an ISP's network and
> >Bill has filed
> >> complainants about them. As a common carrier they are not
> >responsible till
> >> complainants have been filed. At this point they should
> >respond. At least
> >> that is how I understand it. Perhaps they better to lawyers
> >than they do to
> >> friendly requests.
> >
> >Good luck. If you actually get anywhere, I imagine most people here
> >would like to know what steps you needed the take. I certainly would.
> >Maybe then, I can put an end to people trying to hack my systems.
>
> As a dial-up user it's a real issue - there are times when my
> "apparent b/w" is so bad it's like being back on 1200 baud... It's one
> thing to have a firewall to turn away all this crap, but it would sure
> be better if the ISPs got rid of it in the first place..... I say if
> you're a problematic "port scanner" you get banned from the ISP - but
> money talks so I doubt this will ever happen en masse, ISP are not about
> to start to kick off users willy-nilly.
>
> Don
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
More information about the wplug
mailing list