[48324] in North American Network Operators' Group
RE: operational: icmp echo out of control?
daemon@ATHENA.MIT.EDU (Greg A. Woods)
Tue May 28 17:56:21 2002
From: woods@weird.com (Greg A. Woods)
To: nanog@merit.edu (North America Network Operators Group Mailing List)
In-Reply-To: <AD74E2EC6D5BEA47BCB067EB69D30AD205E54949@petrified.mis.earthlink.net>
Reply-To: nanog@merit.edu (North America Network Operators Group Mailing List)
Date: Tue, 28 May 2002 17:55:46 -0400 (EDT)
Errors-To: owner-nanog-outgoing@merit.edu

[ On Tuesday, May 28, 2002 at 13:26:37 (-0700), Rowland, Alan D wrote: ]
> Subject: RE: operational: icmp echo out of control?
>
> We had one user report our DNS servers were hacking his system. Knew enough
> to do a whois but didn't have any clue beyond that. :)

IFWs aren't just luzers with personal firewalls. Large corporations can
be equally in need of clue. One large company, IIRC the one that was
first to have its domain name start with a digit and who still use a
traditional routed class-B for the majority of their private internal
network (apparently without adequate firewall protection, just a trigger
happy security officer and some ultra-paranoid IDS), is/was blocking one
of my client's subnets -- the one where the transparent squid servers
sit -- because they were getting "scanned on port 80". Rumour was they
were writing up and sending out tens of thousands of complaints at the
height of the Nimda and CodeRed activity, instead of just dropping and
ignoring requests to machines without authorised (and secured) web
servers. I wish I had that kind of time and money to waste!
--
Greg A. Woods
+1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>