[lug] TCP Wrapers and Going After Bad People

John Hernandez John.Hernandez at noaa.gov
Wed Sep 12 11:39:26 MDT 2001


Don't bother going after anyone for attempting to connect to a service you don't offer.  Just use the information to tailor your security measures.  Block the IP address or range of addresses at your border.

Thing is, there's really no punishable offence here.  A failed connection attempt is like trying a door knob and finding it to be locked.  Even if they try again tomorrow, it doesn't make a case against them much stronger, unless the frequency of attempts somehow constitutes a denial of service attack.

One thing you can try, if you think it's worth your time, is calling or e-mailing their ISP and complaining.  They can trace a dynamic address to a user if you provide an accurate timestamp.  Maybe they'll disable the account.  Maybe not.

Greg Horne wrote:
> 
> Yo BLUG, yes. . . You CAN help Greg get the bad guys!
> 
> So two people stand out in my logs as always trying to break into my
> systems.  I get e-mails daily from the servers saying . . .Tried NS1, tried
> MMS1, tried Webserver 1, etc. . .
> 
> My question is this:  Have any of you tried to track some of these people
> down?  Any sucess stories to tell?  If so, what were your methods?
> 
> For good measure i'll include the *evil* offenders.
> 
> attempt from APoitiers-103-1-1-165.abo.wanadoo.fr unknown 193.253.254.165
> to in.ftpd at Wed Sep 12 05:30:51 PDT 2001
> 
> attempt from HSE-QuebecCity-ppp3496564.sympatico.ca unknown 65.92.224.5 to
> in.ftpd at Tue Sep 11 18:57:37 PDT 2001
> 
> Thanks,
> 
> Greg Horne
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

-- 

  - John Hernandez - Network Engineer - 303-497-6392 -
 |  National Oceanic and Atmospheric Administration   |
 |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
  ----------------------------------------------------



More information about the LUG mailing list