North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: operational: icmp echo out of control?

  • From: Greg A. Woods
  • Date: Tue May 28 17:58:17 2002

[ On Tuesday, May 28, 2002 at 13:26:37 (-0700), Rowland, Alan  D wrote: ]
> Subject: RE: operational:  icmp echo out of control?
>
> We had one user report our DNS servers were hacking his system. Knew enought
> to do a whois but didn't have any clue beyond that. :)

IFWs aren't just luzers with personal firewalls.  Large corporations can
be equally in need of clue.  One large company, IIRC the one that was
first to have its domain name start with a digit and who still use a
traditional routed class-B for the majority of their private internal
network (apparently without adequate firewall protection, just a trigger
happy security officer and some ultra-paranoid IDS), is/was blocking one
of my client's subnets -- the one where the transparent squid servers
sit -- because they were getting "scanned on port 80".  Rumour was they
were writing up and sending out tens of thousands of complaints at the
height of the Nimda and CodeRed activity, instead of just dropping and
ignoring requests to machines without authorised (and secured) web
servers.  I wish I had that kind of time and money to waste!

-- 
								Greg A. Woods

+1 416 218-0098;  <[email protected]>;  <[email protected]>;  <[email protected]>
Planix, Inc. <[email protected]>; VE3TCP; Secrets of the Weird <[email protected]>