Re: anoat_private ftpd dip.t-dialin.net

From: TOK (skyboundat_private)
Date: Thu Nov 07 2002 - 22:40:09 PST


    On Thu, 2002-11-07 at 17:52, Dave Laird wrote:
    > Good morning, everyone...
    ...
    > Another possible alternative, at least if you are using Linux running IPTables
    > is to move your FTP server *inside* the firewall, to an internal IP of your
    > choosing and severely constrain access to it using a well-chosen IPTables
    > script. Of course, if you are as road-weary as I am of the games that
    > dip.t-dialin.net users have attempted in the past, simply firewall them
    > entirely by their IPs. It's crude, it's rude, and perhaps not even good
    > policy, but it certainly cuts down the volume of spurious traffic of all kinds.
    > [Standard Disclaimer] "Of course, I could be *WRONG* about anything I say,
    > but then I learned everything I know about networking from a pragmatic
    > wizard." 
    > 
    > Dave
    > -- 
    > Dave Laird (dlairdat_private)
    > The Used Kharma Lot
    >                   
    did you know that (practically) all Telekom users don't have a static
    IP? dialin and ADSL line IPs are chosen from quite large pools, during
    the last week my box got IPs within 80.134/16, 217.226/16 and 217.84/16.
    lines sold to companies or high end DSL may include a static IP, but
    anyone doing ~funny~ stuff through one of these would be worse than a
    script kid.
    
    so by blocking single IPs, you'll block anyone (but no one specific) and
    only dropping all packets from all Telekom subnets (to that service)
    will have the desired effect.
    if you're advising to do such, to get rid of some warez guys probing for
    anon ftp, i'd like to comment, that imho you are breaking a butterfly on
    a wheel. 
    
    concerning the username (other posts), google shows:
    a) ano may be a valid email (www.ano.com exists)
    b) can be found in ftpd logs all over the world
    c) besides it is quicker to type than anonymous and easily recognizable
       as valid email == passwd
    probably no conspiracy here ;-(
                             
    best regards,
    tok
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
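
The point in tok's reply about dynamic address pools, as an added example that is not part of the original post: it compares how many probes a reactive per-IP blocklist would have stopped against a rule covering the three /16 pools named above. The log format, the host addresses and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# The three /16 pools named in the post; host parts in the sample are constructed.
POOLS = [ipaddress.ip_network(n) for n in
         ("80.134.0.0/16", "217.226.0.0/16", "217.84.0.0/16")]

# Constructed sample of anonymous-FTP probe records: "<date> <source IP>".
SAMPLE_LOG = """\
2002-11-01 80.134.12.7
2002-11-02 217.226.40.19
2002-11-03 217.84.201.3
2002-11-04 80.134.77.142
2002-11-04 80.134.77.142
2002-11-05 217.226.9.250
2002-11-06 192.0.2.55
"""

def parse_log(text):
    """Return (date, ip) tuples in chronological order, skipping bad lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            events.append((parts[0], ipaddress.ip_address(parts[1])))
        except ValueError:
            continue
    return sorted(events, key=lambda e: e[0])  # stable: same-day order is kept

def reactive_ip_block_hits(events):
    """Block each source IP after its first probe; count later probes stopped."""
    blocked, hits = set(), 0
    for _, ip in events:
        if ip in blocked:
            hits += 1
        else:
            blocked.add(ip)
    return hits

def pool_block_hits(events, pools=POOLS):
    """Count probes that a rule covering the whole pools would have dropped."""
    return sum(any(ip in net for net in pools) for _, ip in events)

def probes_per_prefix(events, prefixlen=16):
    """Group probes by covering prefix to show how single IPs collapse into pools."""
    counts = Counter(str(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False))
                     for _, ip in events)
    return dict(counts)
```

On this sample the per-IP list stops only the one repeated address, while the pool rule covers six of the seven probes at the cost of also covering every other subscriber in those pools.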
    



    This archive was generated by hypermail 2b30 : Fri Nov 08 2002 - 08:31:30 PST