On 9 Apr 2001, at 17:43, Justin Schoeman wrote:
> Hi everybody,
>
> I was just wondering if anybody else has noticed a significant increase
> in exploit scanning over the last few weeks? Just this last weekend, I
> have monitored 9 scans, including bind, ftpd, statd and lpd. This has
> been getting more and more common, starting with approximately 1 scan
> every two days, about 4 weeks ago, to approximately 3 scans a day now.
> The scans all come from different sources, mainly on the pacific rim.
>
> Has anybody else been heavily scanned (is it some sort of a random
> scanner), or are we being targetted specifically?
>
> Any info you may have on these scans, or the frequency/origin of scans
> on your networks would be appreciated.
I've been seeing them from all over the world. And a lot more than
3 scans a day.
Too bad they don't all come from Univerersities. They seem to be
the only ones who come down hard on the scanners. You just
have to make sure the reports get to the top administration and to
the internal auditor. They don't like people using their networks for
such clearly illegal purposes.
Sending complaints to both the internal auditor and the top
administration just about guarantees that it will get looked into.
The internal auditor is unlikely to ignore it anyway and is definitely
not going to ignore it if the top administration knows about it. And
the top administration is not going to ignore it if the internal auditor
knows about it.
In one instance, I sent a complaint to a University on the East
coast. Within a couple hours, they confiscated the equipment from
a dorm room, checked it out, and found that it had been
compromised from outside the University.
Eric Johnson
--------------------
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
