Re: Attempted SSH Logins


On Wednesday, Aug 4, 2004, at 17:00 US/Eastern, James Harrison wrote:
> I then got on to their website, found the webmaster email account and sent
> them a very nasty rude email along with evidence of them attempting to access
> my machine without permission.
>
> Needless to say, I now don't have any problems from them.

I understand that most of the sources of these probes are zombie drones or other compromised systems. The first time I saw such a probe (they're easy to spot, since the same IP will scan all three of my internet-facing servers on the same day) I politely emailed the technical contact responsible for that netblock, asking if there was something I should know about (or, conversely, if there was something *he* should know about.)


They apologized profusely and explained that the infected system had been taken offline within an hour of the first scans.

Go easy on 'em. "There but for the grace of God go you and I," or something like that.

Going from permissive to restrictive firewalling (from "anybody except" to "nobody except") with SSH would be a good step. Restricting accounts with shell login access from SSH can't hurt, either; the no-root-logins configuration mentioned here recently should be mandatory.

pjm
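
The spotting heuristic described in the message above (one source address probing every internet-facing server on the same day) can be automated. The following is an added example, not part of the original message; it assumes the sshd syslog lines from all hosts have been collected into one text, and the host names, addresses and log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the original post); hosts and IPs are made up.
SAMPLE_LOG = """\
Aug  4 03:12:01 web1 sshd[2211]: Failed password for illegal user test from 203.0.113.7 port 4312 ssh2
Aug  4 03:12:05 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 4320 ssh2
Aug  4 09:40:17 mail1 sshd[1801]: Failed password for illegal user guest from 203.0.113.7 port 1188 ssh2
Aug  4 11:02:44 mail1 sshd[1850]: Failed password for alice from 198.51.100.23 port 5022 ssh2
Aug  4 21:55:30 ns1 sshd[977]: Failed password for invalid user admin from 203.0.113.7 port 3907 ssh2
Aug  5 02:10:09 web1 sshd[3002]: Failed password for root from 192.0.2.50 port 2201 ssh2
Aug  5 02:30:00 ns1 sshd[3010]: Accepted password for alice from 198.51.100.23 port 5100 ssh2
"""

# Matches failed password attempts; older sshd says "illegal user", newer says "invalid user".
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def cross_host_probes(log_text, min_hosts=3):
    """Map (day, ip) to the hosts and user names it tried, keeping only
    sources with failed logins on at least min_hosts hosts that day."""
    seen = defaultdict(lambda: {"hosts": set(), "users": set()})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        key = (" ".join(m["day"].split()), m["ip"])  # normalise "Aug  4" to "Aug 4"
        seen[key]["hosts"].add(m["host"])
        seen[key]["users"].add(m["user"])
    return {
        key: {"hosts": sorted(v["hosts"]), "users": sorted(v["users"])}
        for key, v in seen.items()
        if len(v["hosts"]) >= min_hosts
    }


if __name__ == "__main__":
    for (day, ip), info in cross_host_probes(SAMPLE_LOG).items():
        print(f"{day}: {ip} probed {', '.join(info['hosts'])} "
              f"(users tried: {', '.join(info['users'])})")
```

The flagged address is the one to look up in whois when writing to the netblock's technical contact, and the list of attempted user names shows which accounts matter most when restricting shell logins.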

