as far as universities go, most support 'abuse' mail, at least all the ones i'v ever had to contact. response was always quick. the university i was at took it very serious partly due to the possibility of getting sued. if we couldn't contact the local admin, we get hold of networking (staffed 24x7) and shut down associated ports.
Internally they formed an official response team, the team along with the director would be carboned on all abuse email activity. The director would contact auditors, local police, or FBI if necessary. The FBI had a bigger presence at that place than i expected.....always nosing around.....
-----Original Message-----
From: Eric Johnson [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 09, 2001 1:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Continuous scanning.
On 9 Apr 2001, at 17:43, Justin Schoeman wrote:
> Hi everybody,
>
> I was just wondering if anybody else has noticed a significant increase
> in exploit scanning over the last few weeks? Just this last weekend, I
> have monitored 9 scans, including bind, ftpd, statd and lpd. This has
> been getting more and more common, starting with approximately 1 scan
> every two days, about 4 weeks ago, to approximately 3 scans a day now.
> The scans all come from different sources, mainly on the pacific rim.
>
> Has anybody else been heavily scanned (is it some sort of a random
> scanner), or are we being targetted specifically?
>
> Any info you may have on these scans, or the frequency/origin of scans
> on your networks would be appreciated.
I've been seeing them from all over the world. And a lot more than
3 scans a day.
Too bad they don't all come from Univerersities. They seem to be
the only ones who come down hard on the scanners. You just
have to make sure the reports get to the top administration and to
the internal auditor. They don't like people using their networks for
such clearly illegal purposes.
Sending complaints to both the internal auditor and the top
administration just about guarantees that it will get looked into.
The internal auditor is unlikely to ignore it anyway and is definitely
not going to ignore it if the top administration knows about it. And
the top administration is not going to ignore it if the internal auditor
knows about it.
In one instance, I sent a complaint to a University on the East
coast. Within a couple hours, they confiscated the equipment from
a dorm room, checked it out, and found that it had been
compromised from outside the University.
Eric Johnson
--------------------
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
