RE: ano@ano.com ftpd dip.t-dialin.net

From: David Gillett <gillettdavid(at)fhda.edu>
Date: Fri Nov 08 2002 - 12:04:01 EST

  In my previous position, over half of our attempts to hack in via FTP were coming from addresses managed by t-dialin.net. After the Nth time their admins claimed that the offending user would be "found and warned", with NO reduction in such traffic, I was able to make it go away by blackholing their address blocks. We weren't getting any other traffic from them, so this was no problem.

  [The only time one of these probes ever found a server that would accept an anonymous connection, we fixed that before it actually got exploited. So it was more the annoyance of daily IDS alarms than any substantive threat to the network.]

Dave Gillett

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Nov 8 13:01:15 2002