[21512] in North American Network Operators' Group
Re: Exodus / Clue problems
daemon@ATHENA.MIT.EDU (Christopher E. Brown)
Mon Nov 16 09:36:15 1998
Date: Mon, 16 Nov 1998 14:06:25 -0900 (AKST)
From: "Christopher E. Brown" <cbrown@denalics.net>
To: NANOG <nanog@merit.edu>
In-Reply-To: <199811161255.HAA05076@heimdall.ttsg.com>
On Mon, 16 Nov 1998, TTSG wrote:
> My big carrot stick (I'm a veggie, so I don't eat beef) is that if
> the person was connected to the box (And it wasn't just a script running)
> we could have done more tracing.
>
> If they weren't, we could atleast try to find out how/what they
> were doing and see if there is a new advisory that should be published.
>
> Now we have to deal with AFTER the fact, instead of IN-PROGRESS.
>
> Tuc/TTSG
Who knows if they actually maintained a connection to the box, but
from my view it would have had to have been an totally automated (or
nearly so) setup. Given the volume of the attempts and the number of
sites hit.
Domains selected for the hit would appear to be automated as well,
perhaps on somthing like domains with a user on this list. This is about
the only quality my systems share with most of those in here. (Small
Alaskan ISP with fewer customers than some of you have employees, and even
my primary DNS got hit (though not MX))
