Hi All!
On Sat, 11 Mar 2006, Pavel Kankovsky wrote:
On Thu, 9 Mar 2006, Alex wrote:
Could this be a SSH scan by some stupid script kiddie that mistook the
telnet port# for that of SSH?
It would have to be a kiddie with an army of zombies at his (or her)
disposal. The probes came from hundreds (if not thousands) of different
IPs and a small random sample I checked was able to finish the TCP 3-way
handshake (and read a server greeting and disconnect) when it probed an
address where a telnet server was listening and accessible.
As regards DNS servers, over the -past- few days I -was- getting an
*extraordinary* number of plain vanilla spams referencing various
http://ns[x].[crackedbox].tld. As in a half dozen to a dozen new ones a
day. Oddly though, none yesterday or today. Yet. ;) Sometimes I write to
the admins to have a look at it, sometimes I don't, there're too many to
personally deal with. But I think it also means there weren't all that
many loose boxes to begin with or there'd be more and they'd keep coming.
Someone went through a lot of trouble to install their clickthrough pages
that didn't result with much.
Have a :) day!
jb
--
jim barchuk
[EMAIL PROTECTED]
