[wplug] Breakin attempts against the nobody account

Jonathan Billings jsbillings at gmail.com
Mon Mar 28 15:13:18 EST 2005


On Mon, 28 Mar 2005 15:04:18 -0500, Zachary Uram <netrek at gmail.com> wrote:
> As a dialup user I can relate to that. Sometimes my standard
> deviation jumps up to higher than my lag and I see packet loss jump
> from 0% to 3%. When I check the firewall it shows usually ICMP or UDP
> hits. My log just had IPs so I'm not sure where they originate. I have
> noticed a lot of spam from Taiwan, Korea and Hong Kong. They seem
> to be very persistent. I got the same spam every day for over a year
> from some moron in Korea. He kept forging the header every time. I
> read in cases of DoS attacks that often an ISP will still suffer
> overhead on their router/firewall/IDS because the upstream ISP or
> backbone will refuse to apply rules on their router to block the
> attacks. Could someone explain why this is? Maybe if they were held
> legally responsible they'd be a bit more proactive in mitigation!

I wouldn't blame the Koreans for the spam.  I've heard that there are
simply many broadband users there, and their systems have been
compromised and used as spam relays.  For the most part, I'd bet that
most of the spam that you're getting from those countries is
initiated by US citizens.

-- 
  Jonathan Billings
jsbillings at gmail.com

