Hello

> I understand that most of the sources of these probes are zombie drones
> or other compromised systems.

What I don't understand about this is: Why do any of it? What is to gain from even trying to attempt to produce a "probe"? Written by a bunch of morons who can't do anything else productive for the computing industry.

I don't take too kindly to people I don't know trying to access my system. I have personal information that I want my family and friends to see and I don't want some zitty 12 year old from China or some bored system engineer moron working for a company trying to use my system as a platform to spam the rest of the world.

> I politely emailed the technical contact responsible

That's OK if you know you won't get hundreds of spam messages back from the person as soon as they know your email address.

I do give people the benefit of the doubt. If I see anything strange from the logwatch report for the first time I let it go. Any more after that I get a bit annoyed. When this company tried to access my system 2 or 3 times, this is when I started emailing.

Sorry if I have been too vocal on this matter, but it's something I feel strongly about.

James

--- Parker Morse <morse@xxxxxxxxxxx> wrote:
> On Wednesday, Aug 4, 2004, at 17:00 US/Eastern, James Harrison wrote:
> > I then got on to their website, found the webmaster email account and
> > sent
> > them a very nasty rude email along with evidence of them attempting to
> > access
> > my machine without permission.
> >
> > Needless to say, I now don't have any problems from them.
>
> I understand that most of the sources of these probes are zombie drones
> or other compromised systems. The first time I saw such a probe
> (they're easy to spot, since the same IP will scan all three of my
> internet-facing servers on the same day) I politely emailed the
> technical contact responsible for that netblock, asking if there was
> something I should know about (or, conversely, if there was something
> *he* should know about.)
>
> They apologized profusely and explained that the infected system had
> been taken offline within an hour of the first scans.
>
> Go easy on 'em. "There but for the grace of God go you and I," or
> something like that.
>
> Going from permissive to restrictive firewalling (from "anybody except"
> to "nobody except") with SSH would be a good step. Restricting accounts
> with shell login access from SSH can't hurt, either; the no-root-logins
> configuration mentioned here recently should be mandatory.
>
> pjm

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
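The pattern described in the quoted message (the same IP scanning every internet-facing server on the same day) can be checked mechanically. The following is an added example, not part of the original thread; it assumes the hosts' syslog lines have been collected into one text, that failures appear in OpenSSH's "Failed password for ... from IP port N" form, and the host names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: syslog lines gathered from three hosts. Host names are
# made up and the addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug  4 03:12:01 web1 sshd[2101]: Failed password for illegal user test from 192.0.2.44 port 40112 ssh2
Aug  4 03:12:09 mail1 sshd[1877]: Failed password for illegal user guest from 192.0.2.44 port 40190 ssh2
Aug  4 03:12:15 db1 sshd[990]: Failed password for root from 192.0.2.44 port 40233 ssh2
Aug  4 09:30:47 web1 sshd[2290]: Failed password for james from 198.51.100.7 port 51515 ssh2
Aug  4 09:31:02 web1 sshd[2290]: Accepted password for james from 198.51.100.7 port 51515 ssh2
Aug  5 01:02:03 web1 sshd[2410]: Failed password for illegal user admin from 203.0.113.9 port 33000 ssh2
Aug  5 01:02:11 db1 sshd[1012]: Failed password for illegal user admin from 203.0.113.9 port 33041 ssh2
Aug  6 01:02:11 mail1 sshd[1012]: Failed password for illegal user admin from 203.0.113.9 port 33041 ssh2
"""

# Matches failed-password lines; older OpenSSH says "illegal user",
# newer releases say "invalid user".
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+[\d:]{8}\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:(?:illegal|invalid) user )?\S+ from (?P<ip>\S+) port \d+"
)

def cross_host_probes(log_text, hosts):
    """Return {(month, day): [ip, ...]} for sources that failed SSH logins
    on every host in `hosts` on the same calendar day."""
    wanted = set(hosts)
    seen = defaultdict(set)  # (month, day, ip) -> hosts touched that day
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["host"] in wanted:
            seen[(m["mon"], int(m["day"]), m["ip"])].add(m["host"])
    hits = defaultdict(list)
    for (mon, day, ip), touched in seen.items():
        if touched == wanted:  # one source reached all monitored hosts
            hits[(mon, day)].append(ip)
    return {k: sorted(v) for k, v in hits.items()}

if __name__ == "__main__":
    found = cross_host_probes(SAMPLE_LOG, ["web1", "mail1", "db1"])
    for (mon, day), ips in found.items():
        print(f"{mon} {day}: {', '.join(ips)} probed every host")
```

A single mistyped password from a legitimate user touches one host only, so it does not appear in the result; a source that spreads its attempts over several days is also missed by this same-day rule.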