#1

Just curious if any of you guys are sys admins and seeing what I'm seeing.

In recent months I've got probe/scan/spam from new sources like Egypt, Libya, Sudan, Arab Emirates and Saudi Arabia. That's in addition to the usual China, Sth Korea, Taiwan, Russia, Poland, Romania, Latvia, Czech Republic, Morocco, Nigeria and Sth Africa. There is a lot of file sharing scanning for music/films etc, individuals I think, not robots, but not fee-paying clients either!

I don't know about the rest of you but during the last 6 or 7 yrs, my traffic has shot up considerably, shame it's not all page hits. Spam [webmail outside the system] runs at an average 1:100, i.e. for every 1 genuine email, there are about 100 spam, sometimes as high as 200. Then you've got the harvesters, port scanners, proxy or relay seekers, open resolver seekers, hackers, the list goes on. Nowadays, I think a software firewall alone can't cut it judging by the level of bad traffic that the hardware unit is filtering out.

So, has it started already?

Phil

#2

> In recent months I've got probe/scan/spam from new sources like
> Egypt, Libya, Sudan, Arab Emirates and Saudi Arabia. That's in addition
> to the usual China, Sth Korea, Taiwan, Russia, Poland, Romania, Latvia,
> Czech Republic, Morocco, Nigeria and Sth Africa. There is a lot of file
> sharing scanning for music/films etc, individuals I think, not robots,
> but not fee-paying clients either!

Organized crime getting more and more tech aware.

Kline Sphere (Chalk) MCNGP #3

#3

On Thu, 09 Nov 2006 23:49:46 -0500, Phil cast into the ether:

> I don't know about the rest of you but during the last 6 or 7 yrs, my
> traffic has shot up considerably, shame it's not all page hits
> spam [webmail outside the system] runs at an average 1:100, i.e. for
> every 1 genuine email, there are about 100 spam, sometimes as high as
> 200. Then you've got the harvesters, port scanners, proxy or relay
> seekers, open resolver seekers, hackers, the list goes on. Nowadays, I
> think a software firewall alone can't cut it judging by the level of bad
> traffic that the hardware unit is filtering out.

^This^ addy is a honeypot that I use only in here and a couple of other groups. It currently harvests an average of about 130 spam e-mails a day alone. The web and mail servers get hit so hard, you'd think I was an ISP the size of AOL.

Dictionary attack being tried right now on the webserver. Hmmmm IP out of Taiwan. Fsckers.

> So, has it started already?

Dunno, but I wish there was a slick way to hit 'em back. Kinda the cyber equivalent of an electric fence.[0] Touch my boxen without permission and *POW*!

ISAGN.

--
JaR
MCNGP 22

[0]Or a land mine

Remove hat to reply

#4

> Dictionary attack being tried right now on the webserver.
> Hmmmm IP out of Taiwan.

no big deal, I'm sure the average Taiwanese dude only understands a couple of dozen words, the rest are grunts and moans.

Kline Sphere (Chalk) MCNGP #3

#5

did you hear Kline Sphere <.@> say in news::

> grunts and moans.

did they screw up the tongue-twister?

--
The InterNeil
MCNGP Triple X
PotD 10/23/2006 - Press [ESC] to detonate or any other key to explode.

#6

>> grunts and moans.
>
> did they screw up the tongue-twister?

lol!

Kline Sphere (Chalk) MCNGP #3

#7

"JaR" <> wrote in message news

> Dunno, but I wish there was a slick way to hit 'em back. Kinda the cyber
> equivalent of an electric fence.[0] Touch my boxen without permission
> and *POW*!
>
> ISAGN.

You can blacklist by country. There is a list out there that does this. I did this a few years back at a company and it worked well. You just need to be sure you won't get email (that matters) from these countries. I blocked most of the world and it helped a lot w/ spam and other BS.

Jonathan

#8

On Sat, 11 Nov 2006 09:47:31 -0600, Jonathan Roberts cast into the ether:

> You can blacklist by country. There is a list out there that does this. I
> did this a few years back at a company and it worked well. You just need to
> be sure you won't get email (that matters) from these countries. I blocked
> most of the world and it helped a lot w/ spam and other BS.

For e-mail, yes. I use SPEWS, Spamcop, and a couple of other blocklists.

We are talking about attacks directly on the servers. Gotta leave a couple of ports open or just enjoy your intranet. I use DenyHosts, which is pretty good at blocking failed login attempts. I'd just like to burn their fingers at the same time

--
JaR
MCNGP 22
Dept of reasonable force
Remove hat to reply

#9

JaR wrote:

> On Sat, 11 Nov 2006 09:47:31 -0600, Jonathan Roberts cast into the ether:
>
>> You can blacklist by country. There is a list out there that does this. I
>> did this a few years back at a company and it worked well. You just need to
>> be sure you won't get email (that matters) from these countries. I blocked
>> most of the world and it helped a lot w/ spam and other BS.
>
> For e-mail, yes. I use SPEWS, Spamcop, and a couple of other blocklists.
>
> We are talking about attacks directly on the servers. Gotta leave a couple
> of ports open or just enjoy your intranet. I use DenyHosts, which is
> pretty good at blocking failed login attempts. I'd just like to burn their
> fingers at the same time

There are a couple of projects out there with p2p/other style software that automatically consumes bandwidth of servers hosting websites linked to phishing spam, constant reloading of their image files using your unused bandwidth. The idea being to alter spammer's economic model to beyond it being viable, see;

http://www.okopipi.org
http://www.scambaiter.com
http://groups.google.com/group/SPDSSupport?lnk=li&hl=en

Note: I can't vouch for who these people are or their motives, also I'm concerned about possible abuse of the software but from a security point of view, you need to know what is out there just in case.

#10

On Tue, 14 Nov 2006 11:13:51 -0500, Phil cast into the ether:

> There are a couple of projects out there with p2p/other style software
> that automatically consumes bandwidth of servers hosting websites linked
> to phishing spam, constant reloading of their image files using your
> unused bandwidth. The idea being to alter spammer's economic model to
> beyond it being viable, see;

Get back to me when you find something that will, after, say, 5 'sshd invalid user XXXX' attempts, or when some script kiddy tries to fsck with your site, will cause the offending computer to explode. Preferably with enough vigor that it at causes injury to the luser at the keyboard.

I know, they are more of a nuisance than a threat, but it still just p1sses me off.

> Note: I can't vouch for who these people are or their motives, also I'm
> concerned about possible abuse of the software but from a security point
> of view, you need to know what is out there just in case.

Seems a tad like dancing with the devil to me.

--
JaR
MCNGP 22
Retaliation is Mine!
Remove hat to reply
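
The kind of threshold blocking that posts #8 and #10 refer to (DenyHosts; five 'sshd invalid user' attempts), as an added example that is not part of the thread and not DenyHosts' own code. The log lines, addresses and function names are constructed for illustration, and the end-of-line anchoring is an added precaution against usernames crafted to get another host blocked.

```python
import re
from collections import Counter

THRESHOLD = 5  # the "5 attempts" figure from post #10

# Usernames are attacker-controlled, so anchor on the END of the line:
# only the final " from <ip>" was written by sshd itself.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user .* from (\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

def invalid_user_line(user, ip):
    """Build one constructed OpenSSH-style log line (sample data only)."""
    return f"Nov 14 11:02:01 host sshd[2101]: Invalid user {user} from {ip}"

# Constructed sample log; all addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    [invalid_user_line(u, "203.0.113.7") for u in ("admin", "test", "guest", "oracle")]
    # Crafted username that tries to pin the attempt on 198.51.100.9.
    + [invalid_user_line("root from 198.51.100.9", "203.0.113.7")]
    + [invalid_user_line(u, "198.51.100.23") for u in ("bob", "alice")]
    # An admin workstation running a misconfigured script (allowlist it).
    + [invalid_user_line(f"svc{i}", "192.0.2.10") for i in range(6)]
    + ["Nov 14 11:05:00 host sshd[2200]: Accepted publickey for ops "
       "from 192.0.2.10 port 50022 ssh2"]
)

def offenders(log_text, threshold=THRESHOLD, allow=frozenset()):
    """Return sorted source IPs with >= threshold invalid-user attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if m and m.group(1) not in allow:
            counts[m.group(1)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def hosts_deny_lines(ips):
    """Format entries in TCP-wrappers hosts.deny syntax (daemon: client)."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    for entry in hosts_deny_lines(offenders(SAMPLE_LOG, allow={"192.0.2.10"})):
        print(entry)
```

The allowlist matters as much as the threshold: without it the sample's own admin workstation ends up in the deny list.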