RE: Abuse reporting based on whois

From: fbsd_user (fbsd_user_at_a1poweruser.com)
Date: 05/22/04

    To: "Florian Weimer" <fw@deneb.enyo.de>, <fbsd_user@a1poweruser.com>
    Date: Sat, 22 May 2004 14:33:42 -0400
    
    

    If the source IPs are spoofed, what purpose do they serve other than
    to consume bandwidth?

    I believe the senders are script kiddies probing for known ports that
    backdoors, spyware or Trojans are known to use.

    -----Original Message-----
    From: Florian Weimer [mailto:fw@deneb.enyo.de]
    Sent: Saturday, May 22, 2004 2:09 PM
    To: fbsd_user@a1poweruser.com
    Cc: freebsd-isp@FreeBSD.ORG
    Subject: Re: Abuse reporting based on whois

    * fbsd user:

    > My ipfilter firewall is blocking 35 to 150 unsolicited inbound
    > port packets per minute coming from all over the world. I have a
    > dynamic IP address assigned by my ISP, so I know the senders are
    > scanning a whole subnet range of IP addresses for the ports they
    > are interested in. I have to pay for this background packet noise in
    > bandwidth usage surcharges. I decided to research and try to
    > build a process to report this abuse to the ISPs who own the source IP
    > address that is scanning the whole subnet ranges of IP addresses I
    > belong to.

    A significant part of those scans have spoofed source addresses.
    Unless you complete a three-way handshake (for TCP scans only, of
    course) and thus validate the source address, your observations are
    probably not worth reporting.

    --
    Current mail filters: many dial-up/DSL/cable modem hosts, and the
    following domains: bigpond.com, di-ve.com, hotmail.com, jumpy.it,
    libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
    tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr,
    yahoo.com.
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
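
Added example, not part of the original thread: a sketch of the source-validation check Florian Weimer describes, which treats a TCP source as worth reporting only if it completed the three-way handshake with the correct acknowledgement number. It assumes a listener that answers inbound SYNs and records packets; the `Pkt` record layout, the function names and all sample values are constructed for illustration and are not ipfilter's log format.

```python
from collections import namedtuple

# One record per packet seen by a listener that answers inbound SYNs.
# direction: "in" = remote -> us, "out" = us -> remote.
Pkt = namedtuple("Pkt", "direction remote rport lport flags seq ack")

SAMPLE = [  # constructed data, documentation address ranges, arbitrary port
    Pkt("in",  "192.0.2.10",   40001, 9999, "S",  1000, 0),
    Pkt("out", "192.0.2.10",   40001, 9999, "SA", 5000, 1001),
    Pkt("in",  "192.0.2.10",   40001, 9999, "A",  1001, 5001),  # handshake done
    Pkt("in",  "198.51.100.7", 40002, 9999, "S",  2000, 0),
    Pkt("out", "198.51.100.7", 40002, 9999, "SA", 6000, 2001),  # never answered
    Pkt("in",  "203.0.113.5",  40003, 9999, "S",  3000, 0),
    Pkt("out", "203.0.113.5",  40003, 9999, "SA", 7000, 3001),
    Pkt("in",  "203.0.113.5",  40003, 9999, "A",  3001, 1234),  # wrong ack number
    Pkt("in",  "203.0.113.9",  40004, 9999, "S",  4000, 0),     # SYN only
]

MOD = 2**32  # TCP sequence numbers wrap at 32 bits


def classify_sources(packets):
    """Map each remote IP to 'validated' or 'unvalidated'."""
    pending = {}   # (remote, rport, lport) -> sequence numbers seen so far
    verdict = {}
    for p in packets:
        key = (p.remote, p.rport, p.lport)
        if p.direction == "in" and p.flags == "S":
            pending[key] = {"peer_isn": p.seq, "our_isn": None}
            verdict.setdefault(p.remote, "unvalidated")
        elif p.direction == "out" and p.flags == "SA" and key in pending:
            pending[key]["our_isn"] = p.seq
        elif p.direction == "in" and p.flags == "A" and key in pending:
            st = pending[key]
            # A sender that spoofed its address never sees our SYN-ACK, so it
            # cannot echo our initial sequence number + 1 in its ACK.
            if (st["our_isn"] is not None
                    and p.ack == (st["our_isn"] + 1) % MOD
                    and p.seq == (st["peer_isn"] + 1) % MOD):
                verdict[p.remote] = "validated"
                del pending[key]
    return verdict


def reportable(packets):
    """Sources whose address was confirmed by a completed handshake."""
    return sorted(ip for ip, v in classify_sources(packets).items()
                  if v == "validated")


if __name__ == "__main__":
    for ip, v in sorted(classify_sources(SAMPLE).items()):
        print(ip, v)
```

A firewall that silently drops the SYN never sends a SYN-ACK, so every source in its block log stays in the unvalidated group.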
    
