RE: AOL hackings

From: Jonathan A. Zdziarski (jonathanat_private)
Date: Thu Aug 02 2001 - 11:49:53 PDT

Next message: ren stimpy: "RE: Code Red side effects"

Previous message: Jonathan A. Zdziarski: "RE: Increasing Port 137 Scan rate"
Next in thread: Jonathan A. Zdziarski: "RE: AOL hackings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

OK so if this is happening to everyone why can't AOL put some poilcies in
place to prevent port scans and other nuissances? AOL, being mostly a
content provider rather than an ISP, should be able to block outgoing
packets targeted to most ports, no? What does the average AOL user need: 80,
21, 22, 23 (eek), 6667-7777, 110, 443, and maybe a handful of
others...looking at my logs it's obvious they're not blocking many or any
ports at all.   I miss the days when AOL wasn't wired directly to the
internet.

-----Original Message-----
From: Seung Kevin [mailto:kseungat_private]
Sent: Thursday, August 02, 2001 2:45 PM
To: 'Jonathan A. Zdziarski'; incidentsat_private
Subject: RE: AOL hackings



Yes, this has happen to us a few times.


	-----Original Message-----
	From:	Jonathan A. Zdziarski [SMTP:jonathanat_private]
	Sent:	Thursday, August 02, 2001 10:16 AM
	To:	incidentsat_private
	Subject:	AOL hackings

	I've noticed some user[s] from AOL have been running port scans on
our
	systems, and even tried to make SSH connections to our boxes (which
are
	libwrapped).  Just wondering if anyone else is experiencing this
from AOL's
	network.




----------------------------------------------------------------------------
	This list is provided by the SecurityFocus ARIS analyzer service.
	For more information on this free incident handling, management
	and tracking system please see: http://aris.securityfocus.com
*****************************************************************
DISCLAIMER:   The information contained in this e-mail may be confidential
and is intended solely for the use of the named addressee.  Access, copying
or re-use of the e-mail or any information contained therein by any other
person is not authorized.  If you are not the intended recipient please
notify us immediately by returning the e-mail to the originator.




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: ren stimpy: "RE: Code Red side effects"
Previous message: Jonathan A. Zdziarski: "RE: Increasing Port 137 Scan rate"
Next in thread: Jonathan A. Zdziarski: "RE: AOL hackings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 13:20:51 PDT