From: Dennis H. N. <n2...@n2...> - 2002-04-15 03:30:17
On 4/14/02 3:30 PM, "Andrew Stubbs" <an...@st...> wrote:

........

> While reporting you was probably a bit heavy handed by the system concerned
> I feel I must point out that in this day and age intrusion detection is
> automated (it is on my servers). This is due to the vast number of ongoing
> attempts to break into systems. It is standard on the net to contact the
> owner of a machine before attempting to connect to it (especially on
> non-standard ports) to prevent this type of false-positive report.
>

To be honest, I clicked on those links from your status page. It's not a non-standard port to us aprsd operators. I mistakenly thought of this as public information. I just don't understand what is so secret about what everyone is doing with their aprsd servers. How could I contact the sysop of that server to ask permission to see the status page if I can't see the status page with the email listed?

Now that I am being investigated for possible security violations, I have to tread lightly with my ISP now. That just plain sucks, a step above "heavy handed". Think about how I feel. This is one hell of a flame, I might even lose my internet service. I live in a small urban area, I can't just change to another ISP, there isn't another choice.

> I also feel that if you are going to publish lists of "intransigent sysops"
> then you should probably include a more representative sample. I think you

I was only listing those servers as having the link to Keith's status page, trying to warn other folks here not to click on those links. The actual list of servers that are routinely using port 1313 is much, much larger, as you pointed out. If there are servers that are making port 1313 work, that is absolutely fine with me, I'm happy it's working.

Over the past month I have written notes to about 20 aprsd sysops asking them to join this list so we can get better organized. That is why I was accessing Keith's status page. I have never been flamed for it before this.

Dennis, N2LBT

BTW, the actual logs that were reported to my ISP look like this. They look to me like denied http syn_request on port 14501, pretty normal for an aprsd machine.

Apr 10 03:30:24 newbox kernel: Packet log: input DENY eth0 PROTO=6 24.169.221.52:64839 80.194.219.32:14501 L=60 S=0x00 I=39130 F=0x4000 T=44 SYN (#3)
Apr 10 03:30:25 newbox kernel: Packet log: input DENY eth0 PROTO=6 24.169.221.52:64838 80.194.219.32:14501 L=60 S=0x00 I=39131 F=0x4000 T=44 SYN (#3)
Apr 10 03:30:27 newbox kernel: Packet log: input DENY eth0 PROTO=6 24.169.221.52:65067 80.194.219.32:14501 L=60 S=0x00 I=39132 F=0x4000 T=44
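
Added example, not part of the original message: a Python parser for ipchains-style "Packet log" lines like those quoted above, with a triage helper that lists which destination ports each denied TCP source touched, so an automated report can tell repeated attempts on one service port from a sweep across many. The sample lines are constructed (documentation addresses) and the function names are this example's own.

```python
import re
from collections import defaultdict

# Layout of a Linux 2.2 ipchains "Packet log" entry, matching the quoted lines.
# The trailing "SYN" and "(#rule)" are optional so a cut-off line still parses.
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)

def parse_packet_log(line):
    """Return a dict of fields for one log line, or None if it is not a packet log."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["frag"] = int(rec["frag"], 16)
    rec["dont_fragment"] = bool(rec["frag"] & 0x4000)  # DF bit of the IP header
    # False means "SYN not present in the logged text", which includes cut-off lines.
    rec["syn"] = rec["syn"] is not None
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    return rec

def ports_probed_by_source(lines):
    """Map each denied TCP source address to the set of destination ports it hit."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_packet_log(line)
        if rec and rec["action"] == "DENY" and rec["proto"] == 6:
            ports[rec["src"]].add(rec["dport"])
    return dict(ports)

# Constructed sample lines in the same format; the last one is cut short on purpose.
SAMPLE = [
    "Apr 10 03:30:24 host kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.10:64839 198.51.100.5:14501 L=60 S=0x00 I=39130 F=0x4000 T=44 SYN (#3)",
    "Apr 10 03:30:25 host kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.10:64838 198.51.100.5:14501 L=60 S=0x00 I=39131 F=0x4000 T=44 SYN (#3)",
    "Apr 10 03:30:27 host kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.10:65067 198.51.100.5:14501 L=60 S=0x00 I=39132 F=0x4000 T=44",
]

if __name__ == "__main__":
    for src, dports in ports_probed_by_source(SAMPLE).items():
        print(src, sorted(dports))
```

A source whose set holds a single port, as in the sample, is consistent with repeated connection attempts to one service rather than a scan of the host.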