[ On Tuesday, May 28, 2002 at 13:26:37 (-0700), Rowland, Alan D wrote: ]
Subject: RE: operational: icmp echo out of control?
We had one user report our DNS servers were hacking his system. Knew enought to do a whois but didn't have any clue beyond that. :)
IFWs aren't just luzers with personal firewalls. Large corporations can be equally in need of clue. One large company, IIRC the one that was first to have its domain name start with a digit and who still use a traditional routed class-B for the majority of their private internal network (apparently without adequate firewall protection, just a trigger happy security officer and some ultra-paranoid IDS), is/was blocking one of my client's subnets -- the one where the transparent squid servers sit -- because they were getting "scanned on port 80". Rumour was they were writing up and sending out tens of thousands of complaints at the height of the Nimda and CodeRed activity, instead of just dropping and ignoring requests to machines without authorised (and secured) web servers. I wish I had that kind of time and money to waste! -- Greg A. Woods +1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca> Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>