Joel,
I have control of 54 web sites, i'm getting hammered terribly. Each site is
logging between 20 and 100 separate IP hits/hour on heavy days. 7/18,7/31
thru present.
Both NNN and XXX varients. I dont even bother to tell the morons anymore. All
are from win2000(a few NT,but their admins dont seen to be as clueless) boxes
according to nmap. Seems these are workstations from the earlier ones I
contacted. I got answers like, "I dont really see how, you must be wrong
because I have disabled ISS a few days ago", that seemed to be the most
common typical answer. Others never answered back but did shut down the box
after I got pissed and hammered back heavily. FREAKING MORONS!!! It is only
going to get worse, all new machines are now running unpatched w2000, so the
vendors are also at fault and many(almost all) users have no clue and plop
them on a network that is open to the net.
I gave up, I still log but dont even bother contacting offenders any longer.
I have better things to do than educate clueless morons and/or spend the time
to knock their box out of commision. All I did was change log file rotation
to weekly instead of monthly.
On Sunday 26 August 2001 22:21, Joel Hammer wrote:
> Just an update.
> Still getting 5 to 30 hits per hour from the XXX variant of the worm. That
> hasn't changed in days.
> I did complain to the abuse people at @HOME about a week ago about some
> boxes on the @HOME network which were really hitting my machine hard.
> Their response is reproduced in part below:
> =============================================
> The @Home Network is currently working on proactive measures to respond
> to this situation. You should see this activity cease from @Home
> subscribers in the near future. Thank you for your report.
>
> The @Home Network Policy Management Team
> ==============================================
> Let's grep and see. I got 196 hits today (23 hours) from the XXX variant
> and 61 were unique ip's today (Didn't look back at previous logs, so there
> are certainly repeats in here). I was able to lookup 57 of these with
> nslookup. 26 were from @HOME ( eg. twsn1.md.home ). 6 were rr (?road
> runner) and 7 were shaw cable.
> Only two of 61 ip's today did NOT begin with 24. My @HOME ip is
> 24.182.xx.xx. (left off some of the ip for my paranoia.)
> So, I think that @HOME is doing a fine job, but, I am not sure what job
> they are doing.
> The only difference I see is that most of these ip's only sent me one hit,
> although about 12 sent multiple hits (up to 25).
> Joel
>
>
> _______________________________________________
> http://linux.nf -- [EMAIL PROTECTED]
> Archives, Subscribe, Unsubscribe, Digest, Etc
> ->http://linux.nf/mailman/listinfo/linux-users
--
Ronnie
==================
Life can be a dream; or it can be a nightmare
it's all in your mind
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
