OT: Virtual WW III

 
 
Phil
11-10-2006
Just curious if any of you guys are sys admins and seeing what I'm
seeing. In recent months I've got probe/scan/spam from new sources like
Egypt, Libya, Sudan, Arab Emirates and Saudi Arabia. That's in addition
to the usual China, Sth Korea, Taiwan, Russia, Poland, Romania, Latvia,
Czech Republic, Morocco, Nigeria and Sth Africa. There is a lot of file
sharing scanning for music/films etc, individuals I think, not robots,
but not fee-paying clients either!

I don't know about the rest of you but during the last 6 or 7 yrs, my
traffic has shot up considerably, shame it's not all page hits. My
spam [webmail outside the system] runs at an average 1:100, i.e. for
every 1 genuine email, there are about 100 spam, sometimes as high as
200. Then you've got the harvesters, port scanners, proxy or relay
seekers, open resolver seekers, hackers, the list goes on. Nowadays, I
think a software firewall alone can't cut it judging by the level of bad
traffic that the hardware unit is filtering out.

So, has it started already?
 
Kline Sphere
11-10-2006
> In recent months I've got probe/scan/spam from new sources like
> Egypt, Libya, Sudan, Arab Emirates and Saudi Arabia. That's in addition
> to the usual China, Sth Korea, Taiwan, Russia, Poland, Romania, Latvia,
> Czech Republic, Morocco, Nigeria and Sth Africa. There is a lot of file
> sharing scanning for music/films etc, individuals I think, not robots,
> but not fee-paying clients either!


Organized crime getting more and more tech aware.

Kline Sphere (Chalk) MCNGP #3
 
JaR
11-10-2006
On Thu, 09 Nov 2006 23:49:46 -0500, Phil cast into the ether:

> I don't know about the rest of you but during the last 6 or 7 yrs, my
> traffic has shot up considerably, shame it's not all page hits. My
> spam [webmail outside the system] runs at an average 1:100, i.e. for
> every 1 genuine email, there are about 100 spam, sometimes as high as
> 200. Then you've got the harvesters, port scanners, proxy or relay
> seekers, open resolver seekers, hackers, the list goes on. Nowadays, I
> think a software firewall alone can't cut it judging by the level of bad
> traffic that the hardware unit is filtering out.


^This^ addy is a honeypot that I use only in here and a couple of other
groups. It currently harvests an average of about 130 spam e-mails a day
alone. The web and mail servers get hit so hard, you'd think I was an ISP
the size of AOL. Dictionary attack being tried right now on the webserver.
Hmmmm IP out of Taiwan.

Fsckers.

>
> So, has it started already?


Dunno, but I wish there was a slick way to hit 'em back. Kinda the cyber
equivalent of an electric fence.[0] Touch my boxen without permission
and *POW*!

ISAGN.

--
JaR
MCNGP 22
[0]Or a land mine
Remove hat to reply

 
Kline Sphere
11-10-2006
>Dictionary attack being tried right now on the webserver.
>Hmmmm IP out of Taiwan.


no big deal, I'm sure the average Taiwanese dude only understands a
couple of dozen words, the rest are grunts and moans.

Kline Sphere (Chalk) MCNGP #3
 
Neil
11-10-2006
did you hear Kline Sphere say:

> grunts and moans.


did they screw up the tongue-twister?

--
The InterNeil MCNGP Triple X
PotD 10/23/2006

- Press [ESC] to detonate or any other key to explode.
 
Kline Sphere
11-10-2006
>> grunts and moans.
>
>did they screw up the tongue-twister?


lol!

Kline Sphere (Chalk) MCNGP #3
 
Jonathan Roberts
11-11-2006

"JaR" wrote in message:
> Dunno, but I wish there was a slick way to hit 'em back. Kinda the cyber
> equivalent of an electric fence.[0] Touch my boxen without permission
> and *POW*!
>
> ISAGN.


You can blacklist by country. There is a list out there that does this. I
did this a few years back at a company and it worked well. You just need to
be sure you won't get email (that matters) from these countries. I blocked
most of the world and it helped a lot w/ spam and other BS.

Jonathan



 
JaR
11-13-2006
On Sat, 11 Nov 2006 09:47:31 -0600, Jonathan Roberts cast into the ether:

> You can blacklist by country. There is a list out there that does this. I
> did this a few years back at a company and it worked well. You just need to
> be sure you won't get email (that matters) from these countries. I blocked
> most of the world and it helped a lot w/ spam and other BS.


For e-mail, yes. I use SPEWS, Spamcop, and a couple of other blocklists.

We are talking about attacks directly on the servers. Gotta leave a couple
of ports open or just enjoy your intranet. I use DenyHosts, which is
pretty good at blocking failed login attempts. I'd just like to burn their
fingers at the same time.

--
JaR
MCNGP 22
Dept of reasonable force
Remove hat to reply

 
Phil
11-14-2006
JaR wrote:

> On Sat, 11 Nov 2006 09:47:31 -0600, Jonathan Roberts cast into the ether:
>
>
>>You can blacklist by country. There is a list out there that does this. I
>>did this a few years back at a company and it worked well. You just need to
>>be sure you won't get email (that matters) from these countries. I blocked
>>most of the world and it helped a lot w/ spam and other BS.

>
>
> For e-mail, yes. I use SPEWS, Spamcop, and a couple of other blocklists.
>
> We are talking about attacks directly on the servers. Gotta leave a couple
> of ports open or just enjoy your intranet. I use DenyHosts, which is
> pretty good at blocking failed login attempts. I'd just like to burn their
> fingers at the same time
>

There are a couple of projects out there with p2p/other style software
that automatically consumes bandwidth of servers hosting websites linked
to phishing spam, constant reloading of their image files using your
unused bandwidth. The idea being to alter spammer's economic model to
beyond it being viable, see;
http://www.okopipi.org
http://www.scambaiter.com
http://groups.google.com/group/SPDSSupport?lnk=li&hl=en
Note: I can't vouch for who these people are or their motives, also I'm
concerned about possible abuse of the software but from a security point
of view, you need to know what is out there just in case.
 
JaR
11-14-2006
On Tue, 14 Nov 2006 11:13:51 -0500, Phil cast into the ether:

> There are a couple of projects out there with p2p/other style software
> that automatically consumes bandwidth of servers hosting websites linked
> to phishing spam, constant reloading of their image files using your
> unused bandwidth. The idea being to alter spammer's economic model to
> beyond it being viable, see;


Get back to me when you find something that will, after, say, 5 'sshd
invalid user XXXX' attempts, or when some script kiddy tries to fsck with
your site, will cause the offending computer to explode. Preferably with
enough vigor that it at causes injury to the luser at the keyboard. I
know, they are more of a nuisance than a threat, but it still just p1sses
me off.

> Note: I can't vouch for who these people are or their motives, also I'm
> concerned about possible abuse of the software but from a security point
> of view, you need to know what is out there just in case.


Seems a tad like dancing with the devil to me.

--
JaR
MCNGP 22
Retaliation is Mine!
Remove hat to reply
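
The threshold check mentioned in this thread (act on a source after 5 `sshd` "invalid user" attempts, which is what blocking tools such as DenyHosts do with failed logins), as an added example that is not part of the thread and not DenyHosts' own code. The log lines are constructed, the function names are hypothetical, and the output assumes TCP wrappers' `/etc/hosts.deny` format.

```python
import ipaddress
import re
from collections import Counter

# Greedy user group plus end-of-line anchor: the address taken is always the
# last "from <ip>" that sshd itself appended, never text inside the username.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?\s*$"
)

def offenders(lines, threshold=5, allowlist=()):
    """Return {ip: count} for sources with >= threshold invalid-user attempts."""
    trusted = [ipaddress.ip_network(n) for n in allowlist]
    counts = Counter()
    for line in lines:
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not an address: ignore rather than guess
        if any(ip in net for net in trusted):
            continue  # never block your own management ranges
        counts[str(ip)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def hosts_deny_entries(found):
    """Format offenders as TCP-wrappers lines for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in sorted(found)]

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = (
    [f"Nov 14 03:12:{i:02d} web1 sshd[41{i:02d}]: Invalid user test{i} from 203.0.113.7"
     for i in range(5)]
    + [f"Nov 14 03:13:{i:02d} web1 sshd[42{i:02d}]: Invalid user admin from 198.51.100.9"
       for i in range(4)]
    + [f"Nov 14 03:14:{i:02d} web1 sshd[43{i:02d}]: Invalid user root from 192.0.2.10 port 50{i:02d}"
       for i in range(6)]
    # Username crafted to look like a source address; must count against 203.0.113.7.
    + ["Nov 14 03:15:00 web1 sshd[4400]: Invalid user x from 198.51.100.9 from 203.0.113.7"]
)

if __name__ == "__main__":
    found = offenders(SAMPLE_LOG, threshold=5, allowlist=["192.0.2.0/24"])
    print("\n".join(hosts_deny_entries(found)))
```

The last sample line is why the pattern is anchored at the end of the line: a parser that took the first "from" would push 198.51.100.9 over the threshold and block a host that only made four attempts.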

 