North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: operational: icmp echo out of control?
[ On Tuesday, May 28, 2002 at 13:26:37 (-0700), Rowland, Alan D wrote: ] > Subject: RE: operational: icmp echo out of control? > > We had one user report our DNS servers were hacking his system. Knew enought > to do a whois but didn't have any clue beyond that. :) IFWs aren't just luzers with personal firewalls. Large corporations can be equally in need of clue. One large company, IIRC the one that was first to have its domain name start with a digit and who still use a traditional routed class-B for the majority of their private internal network (apparently without adequate firewall protection, just a trigger happy security officer and some ultra-paranoid IDS), is/was blocking one of my client's subnets -- the one where the transparent squid servers sit -- because they were getting "scanned on port 80". Rumour was they were writing up and sending out tens of thousands of complaints at the height of the Nimda and CodeRed activity, instead of just dropping and ignoring requests to machines without authorised (and secured) web servers. I wish I had that kind of time and money to waste! -- Greg A. Woods +1 416 218-0098; <[email protected]>; <[email protected]>; <[email protected]> Planix, Inc. <[email protected]>; VE3TCP; Secrets of the Weird <[email protected]>
|