As Brian McWilliams clued me to, this is one example of a 'freshly'
installed NT system, default webpage, and yet, as we replied back to Brian
thanking him for the clue;
I'm noticing this as I am starting to traverse attack signatures in my
logs. Seems there are so many of these systems out there. So many
clueless admins on these point and click systems with everything
pertaining to security being hidden from view. Sad state of affairs it
is.
Of course, note the information gleaned when one goes further:
COMVERSE NETWORK SYSTEM (NETBLK-SPRINT-D00106)
9800 OLD DOGWOOD RD
ROSWELL, GA 30075
US
Netname: SPRINT-D00106
Netblock: 208.1.6.0 - 208.1.6.255
Coordinator:
Mouli, Mahandran (MM699-ARIN) [No mailbox]
7706418520
Damn, now to report an internet incident I'm forced to long distance
bills to boot! It's the stagnant or outright bogus info injected into
these records that makes the notification process so broken. Let alone
the fact that sprint.net does not have a policy to turn down the
connections for such systems, letting them perpetuate attacks into
infinity! It's frustrating to see how few providers actually will and do
take the step of closing the site down until their clients have resolved
the issues of their abusive systems.
Then again, the matter will get worse for those trying to report this
infested system now in full attack mode; try the phone listings to clue
this site maintainer.
Thanks,
Ron DuFresne
On Thu, 20 Sep 2001, Ron DuFresne wrote:
>
> Poor old Microsoft. Always a target, always so far behind. Of course,
> contacting these folks to clue them to their problems is not an easy task;
>
> [jengate.thur.de]
> Process query: '208.1.6.230'
> Query recognized as IP.
> Querying whois.arin.net:43 with whois.
>
> Sprint (NETBLK-SPRINTLINK-BLKS) SPRINTLINK-BLKS 208.0.0.0 - 208.35.255.255
> COMVERSE NETWORK SYSTEM (NETBLK-SPRINT-D00106) SPRINT-D00106 208.1.6.0 - 208.1.6.255
>
>
> Hard to identify M$ in that, so;
>
> lynx http://208.1.6.230 <=== offending IP
>
> and bam!
>
> Course, let's mention nothing about the kettle calling all the pots to
> patch up and then sitting on their hands for what, three + days now as they
> attack others on the internet. Now, how's that for setting an example?
> Sure makes one feel warm and fuzzy to know eh?
>
> It further highlights how broken the process of notification is, and has
> been, and continues to be, resulting in the frustrations that drive folks
> to issue code like 'code green' into the wild, and to further defend its
> issuance!
>
>
> Thanks,
>
>
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.