[ntp:hackers] Cold, dark world

todd glassey todd.glassey at worldnet.att.net
Thu Jan 26 01:45:07 UTC 2006


Dr. David -
That was why Levine put TCPWrappers on all the NIST operated Stratum-1
machines. FWIW - We saw at the radio station hack-attacks from several
specific address spaces including any number of DSL or client-lines that
were part of large DCHP pools operated in Northern Europe, Western Asia,
East Asia and to some extent South America. It was pretty easy to turn off
the port 22 or SSH based attacks once the addresses were profiled - and  I
think if there are critical clients that rely on your timing services, the
safest thing to do is to create a set of policies that say no to anyone from
a floating address pool based system and let their ISP's provide them with
more direct access to stratum-1 resources.

Todd
----- Original Message ----- 
From: "David L. Mills" <mills at udel.edu>
To: <hackers at ntp.org>
Sent: Wednesday, January 25, 2006 1:35 PM
Subject: [ntp:hackers] Cold, dark world


> Guys,
>
> I've been pilloried about the anal retentiveness of our campus mail
> system and attachments. Read on. The combined ECE and CIS department
> mail server sees about 40,000 attempted SNTP connections per day. Of
> these, 10,000 result in a SMTP connection. Of these, our campus
> virus/spam/attachment filters toss out all but 2500 messages. Of these,
> I get 700-1000 messages to my own mailbox. My mail recipies, which are
> based on subject and from fields toss out all but about fifty. Of these
> I manually toss out all but a handful. Now, on the dubious assumption
> one-third of those 40,000 attempts are directed at me, the eyeball
> survival is about ten blinks in 12,000 each day.
>
> I've been watching brute-force ssh attacks, which go on almost
> continuously. The question is not how frequently they occur, but how
> many are attacking at the same time on the same machine. We get
> thousands of port indexers each day on all subnets, even on the backroom
> machines over the ISDN link.
>
> Yeah, I know some of you probably have similar experiences. It's a cold,
> dark world out here.
>
> Dave
>
> _______________________________________________
> hackers mailing list
> hackers at support.ntp.org
> https://support.ntp.org/mailman/listinfo/hackers



More information about the hackers mailing list