On Tue, 03 Oct 2000, [EMAIL PROTECTED] wrote:
>Hello ISPers,
>Recently (within the last couple months) I've noticed a big increase of
>people that are trying to ftp into my debian machine. I have logchecker
>running and notice whenever there is an attempt to connect. I was thinking
>in my mind that they may be trying to connect to see which version of ftpd
>I am running? I remember reading about a security hole in one of the old
>ftp servers. I've updated mine to the stable, but think this is what they
>may be trying to do.
>
>Also, I was wondering what kind of action (if any) we should take in
>stopping this type of thing? (contact the isp) ?
>
>Anyone have anything to say about this?
A large ISP ( >500,000 customers) would need to dedicate at least one skilled
administrator if they wanted to handle such trivial complaints. This would
cost them >$100,000 per annum. The fact that someone is scanning your FTP
server is not worth $100K to a large ISP.
A small ISP knows that the type of people who scan for security holes will
spend lots of time online and make them good amounts of money. Protecting
the privacy of such customers makes economic sense.
The only way an ISP will take up this issue is if you threaten legal action
or writing letters to newspapers complaining (threatening bad PR). Of course
if you do this then they will be annoyed and probably won't be as helpful as
they might be if something serious happens...
Put up a banner saying "welcome user from machine-name" where machine-name is
the reverse DNS lookup and tell them that all connections are logged. It may
scare some of the weenies.
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
