OT: Virtual WW III

Discussion in 'MCSE' started by Phil, Nov 10, 2006.

  1. Phil

    Phil Guest

    Just curious if any of you guys are sys admins and seeing what I'm
    seeing. In recent months I've got probe/scan/spam from new sources like
    Egypt, Libya, Sudan, Arab Emirates and Saudi Arabia. That's in addition
    to the usual China, Sth Korea, Taiwan, Russia, Poland, Romania, Latvia,
    Czech Republic, Morocco, Nigeria and Sth Africa. There is a lot of file
    sharing scanning for music/films etc, individuals I think, not robots,
    but not fee-paying clients either!

    I don't know about the rest of you but during the last 6 or 7 yrs, my
    traffic has shot up considerably, shame it's not all page hits :-( My
    spam [webmail outside the system] runs at an average 1:100, i.e. for
    every 1 genuine email, there are about 100 spam, sometimes as high as
    200. Then you've got the harvesters, port scanners, proxy or relay
    seekers, open resolver seekers, hackers, the list goes on. Nowadays, I
    think a software firewall alone can't cut it judging by the level of bad
    traffic that the hardware unit is filtering out.

    So, has it started already?
    Phil, Nov 10, 2006
    #1

  2. Phil

    Kline Sphere Guest

    > In recent months I've got probe/scan/spam from new sources like
    >Egypt, Libya, Sudan, Arab Emirates and Saudi Arabia. That's in addition
    >to the usual China, Sth Korea, Taiwan, Russia, Poland, Romania, Latvia,
    >Czech Republic, Morocco, Nigeria and Sth Africa. There is a lot of file
    >sharing scanning for music/films etc, individuals I think, not robots,
    >but not fee-paying clients either!


    Organized crime getting more and more tech aware.

    Kline Sphere (Chalk) MCNGP #3
    Kline Sphere, Nov 10, 2006
    #2

  3. Phil

    JaR Guest

    On Thu, 09 Nov 2006 23:49:46 -0500, Phil cast into the ether:

    > I don't know about the rest of you but during the last 6 or 7 yrs, my
    > traffic has shot up considerably, shame it's not all page hits :-( My
    > spam [webmail outside the system] runs at an average 1:100, i.e. for
    > every 1 genuine email, there are about 100 spam, sometimes as high as
    > 200. Then you've got the harvesters, port scanners, proxy or relay
    > seekers, open resolver seekers, hackers, the list goes on. Nowadays, I
    > think a software firewall alone can't cut it judging by the level of bad
    > traffic that the hardware unit is filtering out.


    ^This^ addy is a honeypot that I use only in here and a couple of other
    groups. It currently harvests an average of about 130 spam e-mails a day
    alone. The web and mail servers get hit so hard, you'd think I was an ISP
    the size of AOL. Dictionary attack being tried right now on the webserver.
    Hmmmm IP out of Taiwan.

    Fsckers.

    >
    > So, has it started already?


    Dunno, but I wish there was a slick way to hit 'em back. Kinda the cyber
    equivalent of an electric fence.[0] Touch my boxen without permission
    and *POW*!

    ISAGN.

    --
    JaR
    MCNGP 22
    [0]Or a land mine
    Remove hat to reply
    JaR, Nov 10, 2006
    #3
  4. Phil

    Kline Sphere Guest

    >Dictionary attack being tried right now on the webserver.
    >Hmmmm IP out of Taiwan.


    no big deal, i'm sure the average taiwanese dude only understands a
    couple of dozen words, the rest are grunts and moans.

    Kline Sphere (Chalk) MCNGP #3
    Kline Sphere, Nov 10, 2006
    #4
  5. Phil

    Neil Guest

    did you hear Kline Sphere <.@> say in
    news::

    > grunts and moans.


    did they screw up the tongue-twister?

    --
    The InterNeil MCNGP Triple X
    PotD 10/23/2006

    - Press [ESC] to detonate or any other key to explode.
    Neil, Nov 10, 2006
    #5
  6. Phil

    Kline Sphere Guest

    >> grunts and moans.
    >
    >did they screw up the tongue-twister?


    lol!

    Kline Sphere (Chalk) MCNGP #3
    Kline Sphere, Nov 10, 2006
    #6
  7. "JaR" <> wrote in message
    news:p...
    > Dunno, but I wish there was a slick way to hit 'em back. Kinda the cyber
    > equivalent of an electric fence.[0] Touch my boxen without permission
    > and *POW*!
    >
    > ISAGN.


    You can blacklist by country. There is a list out there that does this. I
    did this a few years back at a company and it worked well. You just need to
    be sure you won't get email (that matters) from these countries. I blocked
    most of the world and it helped a lot w/ spam and other BS.

    Jonathan
    Jonathan Roberts, Nov 11, 2006
    #7
  8. Phil

    JaR Guest

    On Sat, 11 Nov 2006 09:47:31 -0600, Jonathan Roberts cast into the ether:

    > You can blacklist by country. There is a list out there that does this. I
    > did this a few years back at a company and it worked well. You just need to
    > be sure you won't get email (that matters) from these countries. I blocked
    > most of the world and it helped a lot w/ spam and other BS.


    For e-mail, yes. I use SPEWS, Spamcop, and a couple of other blocklists.

    We are talking about attacks directly on the servers. Gotta leave a couple
    of ports open or just enjoy your intranet. I use DenyHosts, which is
    pretty good at blocking failed login attempts. I'd just like to burn their
    fingers at the same time ;-)

    --
    JaR
    MCNGP 22
    Dept of reasonable force
    Remove hat to reply
    JaR, Nov 13, 2006
    #8
  9. Phil

    Phil Guest

    JaR wrote:

    > On Sat, 11 Nov 2006 09:47:31 -0600, Jonathan Roberts cast into the ether:
    >
    >
    >>You can blacklist by country. There is a list out there that does this. I
    >>did this a few years back at a company and it worked well. You just need to
    >>be sure you won't get email (that matters) from these countries. I blocked
    >>most of the world and it helped a lot w/ spam and other BS.

    >
    >
    > For e-mail, yes. I use SPEWS, Spamcop, and a couple of other blocklists.
    >
    > We are talking about attacks directly on the servers. Gotta leave a couple
    > of ports open or just enjoy your intranet. I use DenyHosts, which is
    > pretty good at blocking failed login attempts. I'd just like to burn their
    > fingers at the same time ;-)
    >

    There are a couple of projects out there with p2p/other style software
    that automatically consumes bandwidth of servers hosting websites linked
    to phishing spam, constant reloading of their image files using your
    unused bandwidth. The idea being to alter spammer's economic model to
    beyond it being viable, see;
    http://www.okopipi.org
    http://www.scambaiter.com
    http://groups.google.com/group/SPDSSupport?lnk=li&hl=en
    Note: I can't vouch for who these people are or their motives, also I'm
    concerned about possible abuse of the software but from a security point
    of view, you need to know what is out there just in case.
    Phil, Nov 14, 2006
    #9
  10. Phil

    JaR Guest

    On Tue, 14 Nov 2006 11:13:51 -0500, Phil cast into the ether:

    > There are a couple of projects out there with p2p/other style software
    > that automatically consumes bandwidth of servers hosting websites linked
    > to phishing spam, constant reloading of their image files using your
    > unused bandwidth. The idea being to alter spammer's economic model to
    > beyond it being viable, see;


    Get back to me when you find something that will, after, say, 5 'sshd
    invalid user XXXX' attempts, or when some script kiddy tries to fsck with
    your site, will cause the offending computer to explode. Preferably with
    enough vigor that it at causes injury to the luser at the keyboard. I
    know, they are more of a nuisance than a threat, but it still just p1sses
    me off.

    > Note: I can't vouch for who these people are or their motives, also I'm
    > concerned about possible abuse of the software but from a security point
    > of view, you need to know what is out there just in case.


    Seems a tad like dancing with the devil to me.

    --
    JaR
    MCNGP 22
    Retaliation is Mine!
    Remove hat to reply
    JaR, Nov 14, 2006
    #10