[ntp:questions] Re: Taming the pinball machine

David L. Mills mills at udel.edu
Tue Nov 11 18:36:28 UTC 2003


Maarten,

I may have misled you. I am told we don't do name/address checking, but
we do do wrappers. Checking the hosts.deny file on ftp.udel.edu reveals
14,000 lines of twists and turns. Unsecured services like ftp and telnet
have been turned off in virtually all our machines in favor of ssh and
friends. The only exception is ftp.udel.edu, which apparently still uses
hosts.deny.

At one time or another we have blocked large portions of the globe, most
recently most of France. I am told by sysadmin that bad guys go in that
list only after repeated hacker attacks; even so, 14,000 lines is a lot.
Further, I am told, guys that trip hosts.deny are advised to contact the
sysadmin, who will cheerfully make a hole in the blocked namespace.
Further even more, there is no blacklist for the web.

Modern net life closes in like a vice, especially for a well-connected
place like the University. As an example, campus and department servers
here regularly log over 300 serious hacker attacks each day. And, this
doesn't count the indexers, whose attacks are continuous.

Dave

Maarten Wiltink wrote:
> 
> "David L. Mills" <mills at udel.edu> wrote in message
> news:3FAF2F26.764A8AA at udel.edu...
> 
> > Arrgh. We get hundreds of indexing attacks every night, one of which
> > might have sprung a block against you. The ultimate problem is that the
> > ftp server insists that the DNS name agrees with your IP address. I
> > am told by our system staff that the workaround of choice is to snarf
> > via the web ftp://ftp.udel.edu. Modern life is becoming really
> > complicated.
> 
> That doesn't work from here, either. What DNS name has to agree, exactly?
> The one of my NATing router, perhaps?
> 
> I would say that to break existing protocols so they only work from a
> browser is, well, Bad.
> 
> Groetjes,
> Maarten Wiltink


