Hosting Provided By

Re: ano@ano.com ftpd dip.t-dialin.net

From: TOK <skybound(at)inbox.lv>
Date: Fri Nov 08 2002 - 01:40:09 EST

On Don, 2002-11-07 at 17:52, Dave Laird wrote:
> Good morning, everyone...
...
> Another possible alternative, at least if you are using Linux running IPTables
did you know that (practically) all Telekom users don't have a static IP? dialin and ADSL line IPs are chosen from quite large pools, during the last week my box got IPs within 80.134/16, 217.226/16 and 217.84/16. lines sold to companies or high end DSL may include a static IP, but anyone doing ~funny~ stuff through one of these would be worse than a script kid.

so by blocking single IPs, you'll block anyone (but no one specific) and only dropping all packets from all Telekom subnets (to that service) will have the desired effect.
if you're advising to do such, to get rid of some warez guys probing for anon ftp, i'd like to comment, that imho you are breaking a butterfly on a wheel.

concerning the username (other posts), google shows:

a) ano maybe a valid email (www.ano.com exists)
b) can be found in ftpd logs all over the world
c) besides it is quicker to type than anonymous and easily recognizable

as valid email == passwd
probably no conspiracy here ;-(

best regards,
tok

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Nov 8 11:31:42 2002

This message: [ Message body ]
Next message: Waitman C. Gobble: "030.com"
Previous message: batz: "Re: Ip spoof from 0.0.0.0"
In reply to Dave Laird: "Re: ano@ano.com ftpd dip.t-dialin.net"
Next in thread: David Gillett: "RE: ano@ano.com ftpd dip.t-dialin.net"
Reply: David Gillett: "RE: ano@ano.com ftpd dip.t-dialin.net"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:50 EDT