what annoys me isn't the number of hacks from AOL, it's the fact that their abuse department is always slow to respond and sometimes, doesn't do anything. Looks like some other folks on this list have the same problem. Hacks in themselves are nothing more than an annoyance, but it's insulting when the ISP doesn't do anything about it. At least this way they could be lazy since packets wouldn't come through. As for AOL users being technically inefficient, I'm sure there are some geniuses using AOL, but the fact that my servers are still running says they can't be the brightest black hats out there. -----Original Message----- From: Lampe, John W. [mailto:JWLAMPEat_private] Sent: Thursday, August 02, 2001 4:40 PM To: 'Jonathan A. Zdziarski '; 'incidentsat_private ' Subject: RE: AOL hackings Despite the fact that AOL is one of the larger ISP's (largest?), I only get a handful of scans from their blocks...Their track record is better than most...Are you presuming that AOL users are not technically efficient, and hence shouldn't be scanning anyone's machine? If I'm going to gripe about ISP's, there are some other big ones out there which regularly contribute to my IDS logs week after week on a much larger scale than AOL ever has.... John Lampe -----Original Message----- From: Jonathan A. Zdziarski To: Seung Kevin; incidentsat_private Sent: 8/2/01 2:49 PM Subject: RE: AOL hackings OK so if this is happening to everyone why can't AOL put some poilcies in place to prevent port scans and other nuissances? AOL, being mostly a content provider rather than an ISP, should be able to block outgoing packets targeted to most ports, no? What does the average AOL user need: 80, 21, 22, 23 (eek), 6667-7777, 110, 443, and maybe a handful of others...looking at my logs it's obvious they're not blocking many or any ports at all. I miss the days when AOL wasn't wired directly to the internet. -----Original Message----- From: Seung Kevin [mailto:kseungat_private] Sent: Thursday, August 02, 2001 2:45 PM To: 'Jonathan A. Zdziarski'; incidentsat_private Subject: RE: AOL hackings Yes, this has happen to us a few times. -----Original Message----- From: Jonathan A. Zdziarski [SMTP:jonathanat_private] Sent: Thursday, August 02, 2001 10:16 AM To: incidentsat_private Subject: AOL hackings I've noticed some user[s] from AOL have been running port scans on our systems, and even tried to make SSH connections to our boxes (which are libwrapped). Just wondering if anyone else is experiencing this from AOL's network. ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ***************************************************************** DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 14:57:46 PDT