Re: black hat .cn networks
On Mon, Apr 30, 2001 at 10:18:03PM +0000, Walter Prue wrote:
The folks in the US who counterattack might be well advised to reconsider doing so. I would imagine that traffic from the US would be closely monitored. Any new hacking tricks that these counterattacks might use would then be recorded and analyzed. These techniques could then be used by them to further attack the US.
Oh for the love of god, 15 web sites get defaced and it's suddenly worth trying to deny internet access to a billion people? They watch a story on the news, and think "wouldn't it be kewl if...". Any excuse or boredom will do, and then the media blows it out of proportion because it makes for an interesting story. I bet it's probably the same number of hacks that you'd see on a normal day, just against another country's www..gov's instead of their own.
--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Mon, Apr 30, 2001 at 06:39:56PM -0400, Richard A. Steenbergen wrote:
Oh for the love of god, 15 web sites get defaced and it's suddenly worth trying to deny internet access to a billion people?
Really; statistically, it'd make more sense to block .com and .net.
On Mon, 30 Apr 2001, Shawn McMahon wrote:
On Mon, Apr 30, 2001 at 06:39:56PM -0400, Richard A. Steenbergen wrote:
Oh for the love of god, 15 web sites get defaced and it's suddenly worth trying to deny internet access to a billion people?
Really; statistically, it'd make more sense to block .com and .net.
Or statistically basing the blocks on networks which actually do something once notified. Right now it seems to be an average of 25% response (which is pathetic), whereas to .cn sites it's around 0%.
-Dan
Oh for the love of god, 15 web sites get defaced and it's suddenly worth trying to deny internet access to a billion people?
Really; statistically, it'd make more sense to block .com and .net.
Agreed. Although I did spend some time today going over DDOS and other attack response methods with my people. I figure if I were Chinese, I'd be relayed into some clueless newbie's new 1+GHz Pentium with a fresh RedHat 7.0 install on a fast connection INSIDE the US and then relay into other boxen from there before really attacking. It may be a busy week; what about the native 'elite' that decide this is the perfect cover for rampant mayhem? Remember when you trusted people on the 'net just a little bit?
On Mon, Apr 30, 2001 at 09:36:38PM -0400, mike harrison wrote:
Remember when you trusted people on the 'net just a little bit?
I still remember the day when we all had to modify our Fidonet setups so that people couldn't send a "pkzip.bat" file to hack you. :-) I also remember when adding .kr to your hosts.deny blocked half your "got his password on IRC" hacks. All that's changed is the volume.
On Tue, 1 May 2001, Shawn McMahon wrote:
I also remember when adding .kr to your hosts.deny blocked half your "got his password on IRC" hacks. All that's changed is the volume.
While the clue level for most countries has increased (even if just a little bit) over the past 5 years, the clue level for .kr has remained exactly zero. Even Yugoslavia seems to have found some clue the past year or so. Korea remains as blissfully stupid as ever.
-Dan
While the clue level for most countries has increased (even if just a little bit) over the past 5 years, the clue level for .kr has remained exactly zero.
Seems they are starting to notice. I'm seeing more questions like "why is our mail rejected by so many places?", and an accompanying increased effort at maintaining a somewhat stable WHOIS server for .kr networks. So they are beginning to clue in. Sanctions work.
Hi
Have you tried the Korea CERT?
--
http://www.certcc.or.kr/
--
CERT Coordination Center - Korea
Constituency: Korean internet sites
Team E-Mail: cert@certcc.or.kr
Team Telephone: +82-2-3488-4119 +82-18-312-4119
Team Pager: +82-15-993-4571
Team Fax: +82-2-3488-4129
X-BTW: this is public info from <http://www.first.org/team-info/>
--
Rafi Sadowsky rafi@oumail.openu.ac.il
Network/System/Security VoiceMail: +972-3-646-0592 FAX: +972-3-646-0454
Mangler ( :-) | FIRST-REP for ILAN-CERT(CERT@CERT.AC.IL)
Open University of Israel | (PGP key -> ) http://telem.openu.ac.il/~rafi
On Tue, 1 May 2001, Dan Hollis wrote:
On Tue, 1 May 2001, Shawn McMahon wrote:
I also remember when adding .kr to your hosts.deny blocked half your "got his password on IRC" hacks. All that's changed is the volume.
While the clue level for most countries has increased (even if just a little bit) over the past 5 years, the clue level for .kr has remained exactly zero. Even Yugoslavia seems to have found some clue the past year or so. Korea remains as blissfully stupid as ever.
-Dan
participants (6)
- Dan Hollis
- Eric A. Hall
- mike harrison
- Rafi Sadowsky
- Richard A. Steenbergen
- Shawn McMahon