hmmm,
doesn't respond to any connect attempts
traceroute fails
no registered hosts
pings fail
no DNS resolution
Possibilities:
- spoofing type of activity perhaps?
Nothing else except a misconfigured machine really springs to mind given
that there doesn't seem to be any network path to the IP address in
question.
Comments anyone?
===================================================================
Larry Chin {[EMAIL PROTECTED]} Technical Specialist - ISC
Sprint Canada 2550 Victoria Park Avenue
Phone: 416.496.1644 ext. 4693 Suite 200, North York, Ontario
Fax: 416.498.3507 M2J 5E6
===================================================================
On Wed, 1 Sep 1999, Newcomb, Kelly wrote:
> I'm getting repeated (regular intervals) ftp attempts to my firewall from an
> address (208.24.82.140) that I can't seem to track down. While the attempts
> are being blocked, the continuing log messages are annoying. This has been
> going on for quite a while now, and I'm wondering if something got caught in
> a loop and the attempts may not be malicious. (on the other hand... 8-O)
> Any thoughts?
>
> TIA,
> Kelly
> ---
> Kelly Newcomb, CISSP
> Technical Risk Assessment Consultant
> Texas Guaranteed Student Loan Corp.
> E-Mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
>
> -----Original Message-----
> From: Chris Shenton [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 01, 1999 9:47 AM
> To: Curt Hefflin
> Cc: [EMAIL PROTECTED]
> Subject: Re: dailup security
>
> On Wed, 1 Sep 1999 09:19:52 -0400, "Curt Hefflin"
> <[EMAIL PROTECTED]> said:
>
> Curt> We have a pretty good firewall protecting our network from the
> Curt> Internet. However, we have well over 200 users with dial-up
> Curt> access via an Ascend box with RADIUS authentication. What are
> Curt> some of the risks of having this type of access into our network
> Curt> and can these things be cracked.
>
> If someone can find out or guess your phone number, then daemon
> dialers can guess passwords and user names. This could be aided if
> outsiders can learn about your usernames (e.g. through your web pages,
> directories, or other public info). And most users choose poor
> passwords so password cracking programs won't have to be too
> sophisticated.
>
> At one site I worked on we separated the dialin gear from the internet
> and internal LAN so we could apply distinct rulesets and minimize
> attacks on the RADIUS servers, or from the dialin to the inside.
>
> Internet
>    |            |- Dial-in NASes
> Firewall -------+
>    |            |- RADIUS servers
> PrivateNet
>
> We then realized our greatest vulnerability was weak passwords and
> users sharing their passwords with friends, family, etc. So we got
> SecurID tokens and integrated that into RADIUS.
>
> I'd do the hardware token thing again but I'd look around at competing
> token products; their docs and support suck, and I gather they require
> tons of ports open if you want to leverage their ACE server (say) from
> inside the firewall.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
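
Kelly's question turns on whether the blocked FTP attempts really arrive at regular intervals. The script below is an added example, not part of the original thread: it measures the gaps between denied port-21 attempts per source address. The log format, the timestamps, the addresses other than 208.24.82.140 and the 5% jitter threshold are constructed assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed log format (not taken from the thread).
SAMPLE_LOG = """\
1999-09-01 09:00:02 DENY tcp 208.24.82.140:1042 -> 10.0.0.1:21
1999-09-01 09:05:01 DENY tcp 208.24.82.140:1043 -> 10.0.0.1:21
1999-09-01 09:07:40 DENY tcp 192.0.2.77:3310 -> 10.0.0.1:21
1999-09-01 09:07:41 DENY tcp 192.0.2.77:3311 -> 10.0.0.1:21
1999-09-01 09:10:02 DENY tcp 208.24.82.140:1044 -> 10.0.0.1:21
1999-09-01 09:12:30 ALLOW tcp 10.0.0.8:2200 -> 198.51.100.5:80
1999-09-01 09:15:03 DENY tcp 208.24.82.140:1045 -> 10.0.0.1:21
1999-09-01 09:19:12 DENY tcp 192.0.2.77:3312 -> 10.0.0.1:21
1999-09-01 09:20:02 DENY tcp 208.24.82.140:1046 -> 10.0.0.1:21
1999-09-01 09:48:30 DENY tcp 192.0.2.77:3313 -> 10.0.0.1:21
"""
# Denied TCP connections to port 21 only; captures timestamp and source address.
LINE_RE = re.compile(r"^(\S+ \S+) DENY tcp (\d{1,3}(?:\.\d{1,3}){3}):\d+ -> \S+:21$")

def ftp_attempt_times(log_text):
    """Group timestamps of denied port-21 attempts by source address."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            times[m.group(2)].append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    return times

def timing_profile(stamps, max_jitter=0.05, min_events=4):
    """Classify one source's attempts by how evenly they are spaced."""
    stamps = sorted(stamps)
    if len(stamps) < min_events:
        return {"verdict": "too-few-events", "events": len(stamps)}
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    median = statistics.median(gaps)
    # Worst deviation from the median gap, as a fraction of that gap.
    jitter = max(abs(g - median) for g in gaps) / median if median else float("inf")
    verdict = "periodic" if jitter <= max_jitter else "irregular"
    return {"verdict": verdict, "events": len(stamps),
            "median_gap_s": median, "jitter": round(jitter, 3)}

def profile_sources(log_text):
    return {src: timing_profile(ts) for src, ts in ftp_attempt_times(log_text).items()}

if __name__ == "__main__":
    for src, profile in profile_sources(SAMPLE_LOG).items():
        print(src, profile)
```

A "periodic" verdict is consistent with a scheduled job or a client stuck in a retry loop, but it does not by itself establish that the traffic is benign.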