RE: operational: icmp echo out of control?
We had one user report our DNS servers were hacking his system. Knew enough to do a whois but didn't have any clue beyond that. :) (lots of port 53 activity in the logs every time he surfed the web...)

Best,
-Al

-----Original Message-----
From: Richard A Steenbergen [mailto:ras@e-gerbil.net]
Sent: Tuesday, May 28, 2002 1:01 PM
To: Mike Tancsa
Cc: Jeff Mcadams; nanog@merit.edu
Subject: Re: operational: icmp echo out of control?

On Tue, May 28, 2002 at 03:36:08PM -0400, Mike Tancsa wrote:
Jeu 09 mai 2002 15:30:22, Port 3, ICMP, Destination Unreachable
Jeu 09 mai 2002 15:30:21, Port 3, ICMP, Destination Unreachable
Jeu 09 mai 2002 15:30:10, Port 3, ICMP, Destination Unreachable
Jeu 09 mai 2002 15:30:09, Port 3, ICMP, Destination Unreachable
I don't know what's worse, those crappy personal firewalls that make every packet look like a life or death assault, or the idiots who send abuse email demanding that you do something for them or they will sue and/or hax0r you. I've seen supposed "security professionals" for theoretically clued places like NASA send abuse complaints over traceroutes they've originated, and people complain about "port 80 hacking attempts" then flatly refuse to admit they visited the website. At best, it's annoying clutter. Is it any wonder that legitimate emails about ongoing DoS attacks are completely ignored or responded to a week later? At worst, it can get innocent people in trouble and cost them a lot of time, effort, and potentially money. These false abuse reports are FAR too common, and the net equivalent of crying wolf. In my opinion, it is the responsibility of these personal firewall makers to at least make an EFFORT to warn their users about this. So far, I haven't seen it.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
[ On Tuesday, May 28, 2002 at 13:26:37 (-0700), Rowland, Alan D wrote: ]
Subject: RE: operational: icmp echo out of control?
We had one user report our DNS servers were hacking his system. Knew enough to do a whois but didn't have any clue beyond that. :)
IFWs aren't just luzers with personal firewalls. Large corporations can be equally in need of clue. One large company, IIRC the one that was first to have its domain name start with a digit and which still uses a traditional routed class-B for the majority of its private internal network (apparently without adequate firewall protection, just a trigger-happy security officer and some ultra-paranoid IDS), is/was blocking one of my client's subnets -- the one where the transparent squid servers sit -- because they were getting "scanned on port 80". Rumour was they were writing up and sending out tens of thousands of complaints at the height of the Nimda and CodeRed activity, instead of just dropping and ignoring requests to machines without authorised (and secured) web servers. I wish I had that kind of time and money to waste!

--
Greg A. Woods
+1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
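The complaints in this thread (a DNS server "hacking" a user because replies come from port 53, ICMP Destination Unreachable logged as an assault, and a corporation filing abuse reports over port 80 hits it never correlated with anything) all come down to the same missing step: checking whether an inbound packet is a consequence of something the complaining host sent itself. The following is an added example, not code from the thread or from any firewall product. It runs a small stateful correlator over a constructed firewall log; the log format, the `Event` fields, the 30-second flow window and the RFC 5737 addresses are all assumptions made for the illustration.

```python
"""Triage inbound "attack" entries from a host firewall log by correlating
them with the host's own outbound traffic.

Added example; not code from the NANOG thread or from any firewall vendor.
The Event layout and the 30-second window are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

ICMP_DEST_UNREACH = 3
ICMP_ECHO_REQUEST = 8
REPLY_WINDOW_SECONDS = 30  # assumption: how long an outbound flow stays "open"

FlowKey = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Event:
    ts: float                 # seconds since log start
    direction: str            # "out" (host sent it) or "in" (host received it)
    proto: str                # "tcp", "udp" or "icmp"
    src: str
    sport: int                # 0 for ICMP
    dst: str
    dport: int                # 0 for ICMP
    icmp_type: Optional[int] = None
    # ICMP errors quote the header of the packet that caused them; for a
    # Destination Unreachable this is the header of the host's own outbound packet.
    quoted: Optional[FlowKey] = None


def triage(events):
    """Return [(event, verdict)] in timestamp order.

    Verdicts: "outbound" for traffic the host sent, "expected reply" for inbound
    traffic explained by a recent outbound flow, "unsolicited" otherwise.
    "unsolicited" is a candidate for a closer look, not proof of an attack.
    """
    open_flows = {}  # FlowKey -> timestamp of the last outbound packet
    verdicts = []
    for ev in sorted(events, key=lambda e: e.ts):
        # Forget flows that have been idle longer than the window.
        for key, seen in list(open_flows.items()):
            if ev.ts - seen > REPLY_WINDOW_SECONDS:
                del open_flows[key]

        if ev.direction == "out":
            if ev.proto in ("tcp", "udp"):
                open_flows[(ev.proto, ev.src, ev.sport, ev.dst, ev.dport)] = ev.ts
            verdicts.append((ev, "outbound"))
            continue

        if ev.proto in ("tcp", "udp"):
            # A reply swaps the endpoints: src/sport of the reply are the
            # dst/dport of the request the host sent (e.g. port 53 for DNS).
            reverse = (ev.proto, ev.dst, ev.dport, ev.src, ev.sport)
            verdicts.append((ev, "expected reply" if reverse in open_flows else "unsolicited"))
        elif ev.proto == "icmp" and ev.icmp_type == ICMP_DEST_UNREACH and ev.quoted in open_flows:
            # Router or host telling us our own packet could not be delivered.
            verdicts.append((ev, "expected reply"))
        else:
            # Echo requests and anything else without an explaining flow.
            verdicts.append((ev, "unsolicited"))
    return verdicts


def report_candidates(events):
    """Only inbound events the host's own traffic does not explain survive."""
    return [ev for ev, verdict in triage(events) if verdict == "unsolicited"]


# Constructed sample log modelled on the thread: a DNS lookup and the port 53
# reply a personal firewall would flag, a web request and the ICMP unreachable it
# draws, one genuinely unsolicited SYN to port 80, and a late packet arriving
# after the flow window has closed. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    Event(0.0, "out", "udp", "192.0.2.10", 33000, "198.51.100.5", 53),
    Event(0.1, "in", "udp", "198.51.100.5", 53, "192.0.2.10", 33000),
    Event(1.0, "out", "tcp", "192.0.2.10", 40001, "203.0.113.7", 80),
    Event(1.3, "in", "icmp", "203.0.113.1", 0, "192.0.2.10", 0,
          icmp_type=ICMP_DEST_UNREACH,
          quoted=("tcp", "192.0.2.10", 40001, "203.0.113.7", 80)),
    Event(5.0, "in", "tcp", "198.51.100.9", 1234, "192.0.2.10", 80),
    Event(60.0, "in", "udp", "198.51.100.5", 53, "192.0.2.10", 33000),
]


if __name__ == "__main__":
    for ev, verdict in triage(SAMPLE_LOG):
        print(f"{ev.ts:6.1f} {ev.direction:3} {ev.proto:4} "
              f"{ev.src}:{ev.sport} -> {ev.dst}:{ev.dport}  {verdict}")
```

Run against the sample, the port 53 reply and the ICMP unreachable are classified as expected replies and never reach `report_candidates`; the SYN to port 80 and the late UDP packet do. Even those two are only candidates: a single SYN during a worm outbreak is background noise to drop, not grounds for an abuse report, which is the point Greg makes about the port 80 complaints.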