operational: icmp echo out of control?

Greg A. Woods woods at weird.com
Tue May 28 21:55:46 UTC 2002


[ On Tuesday, May 28, 2002 at 13:26:37 (-0700), Rowland, Alan  D wrote: ]
> Subject: RE: operational:  icmp echo out of control?
>
> We had one user report our DNS servers were hacking his system. Knew enought
> to do a whois but didn't have any clue beyond that. :)

IFWs aren't just luzers with personal firewalls.  Large corporations can
be equally in need of clue.  One large company, IIRC the one that was
first to have its domain name start with a digit and who still use a
traditional routed class-B for the majority of their private internal
network (apparently without adequate firewall protection, just a trigger
happy security officer and some ultra-paranoid IDS), is/was blocking one
of my client's subnets -- the one where the transparent squid servers
sit -- because they were getting "scanned on port 80".  Rumour was they
were writing up and sending out tens of thousands of complaints at the
height of the Nimda and CodeRed activity, instead of just dropping and
ignoring requests to machines without authorised (and secured) web
servers.  I wish I had that kind of time and money to waste!

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods at acm.org>;  <g.a.woods at ieee.org>;  <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>



More information about the NANOG mailing list