Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: Golden Eagle

Like I wrote previous, in my experience, with some networks responsible for similar behaviors as here, I actually contact them and send copies of the site stats that evidence one of their IPAs and it's remarkable how few even respond...some do, the better administrated ones, but more don't.

For example, I found an IPA from the Georgia Board of Regents (probably a state library, maybe a school or admin. office, who knows) that was guilty of this and contacted them and they responded, very nicely, that they'd taken the offending terminal down and were repairing; also same from the University of Florida, Deleware state .gov system, places like that that I actually took time to correspond with about their problem, BUT, what's surprising is how many didn't even respond (Cal State Chico didn't, a major university in Canada didn't, etc.).

This zombie behavior is far more prevalent than this article lets on. Doesn't make it right because, in fact, I loathe it and agree that whoever writes malware ought to be in jail for a long time. Unfortunately, spammers even sell malware on the internet calling it "advertising" and "marketing" software but it works on the same principle: infecting any available computer and then using it to infect others, all for access to information and to avoid paying their own way. At least, I guess. I think most of it is done to be destructive, nothing smart or cute about it.


18 posted on 09/29/2005 7:03:56 PM PDT by BIRDS
[ Post Reply | Private Reply | To 11 | View Replies ]

To: BIRDS

I have those same experiences, and have a report on my desk every afternoon showing every unexpected request we received on unusual ports. Like you I used to contact them all, back before we got hundreds in a day, and on occasion I will still contact them if something is persistent, but in many instances it's impossible to get the granularity you need to actually contact the specific offender, and the subnet host either doesn't have time or care themselves. The good news is, it is of course possible to block those attempts, which is why we keep most everything locked down by default, and only open up when absolutely necessary, both ways.


24 posted on 09/29/2005 7:15:49 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 18 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson