David Avery was said to have been seen saying:
I would hope leased line/colo machines would be better set up, but I am probably dreaming.
One would think this to be true but I have found it quite often to be the opposite... I've had to deal with countless intrusion attempts against our network only to find that the box attacking me had been owned by some script kiddie on the net because the admin of the box had failed to secure it before placing it online... I've found this to be true with school districts (had one in Colorado several weeks ago) and commercial companies (had a company in Dallas, TX right after the school district incident)... In fact, in the case of the Colorado school district attempt I had the admin tell me he had only put the machine online on Thursday, however by Sunday I had already recorded attempts from it...
Just for reference I am one of the net/security admins at distributed.net and there are a number of win* worms running around in the wild carrying the distributed.net client as part of their payload.
So far in the past 3 months (since the worms appeared) I have logged over 400,000 unique IP addresses returning data to distributed.net from installs created by the worms. We have spot checked a number of these IPs and find win9x boxes with open C shares and signs of multiple infestations including QAZ and other DDoS payloads.
This would not surprise me at all... I've noticed quite a few QAZ style signature attempts coming from repeated Cable & Wireless IP blocks recently... As I'm on a C&W backbone I'm routinely scanned by other C&W IPs which have been infected and some have even been from clients of my own ISP...

Respectfully,
Jeremy T. Bouse
UnderGrid Network Services, LLC

--
,-----------------------------------------------------------------------------,
| Jeremy T. Bouse - UnderGrid Network Services, LLC - www.UnderGrid.net       |
| All messages from this address should be at least PGP/GPG signed            |
| Public PGP/GPG fingerprint and location in headers of message               |
| If received unsigned (without requesting as such) DO NOT trust it!          |
| undrgrid@UnderGrid.net - NIC Whois: JB5713 - Jeremy.Bouse@UnderGrid.net     |
`-----------------------------------------------------------------------------'