From: Rodent of Unusual Size (Ken.Coar@Golux.Com)
Date: Sat Apr 22 2000 - 04:29:47 PDT
Be still, my beating heart. Or at least slow down.
Nice blood-pressure.. come on down out of that tree, now.
I receive the mail sent to firstname.lastname@example.org, and a phenomenal
amount of it lately has been 'my intrusion-detection software
spotted address x.x.x.x trying to break in; why are you doing
this? I'm calling the police!' I rather wondered why.
I think the latest one of these contains the seeds of the answer.
Apparently one (or more) of these packages allow you to click on
the perp address for more information.. and what does the app
do? It sends the address to your browser as a URL! Since a
lot of attacks appear to be coming from newly-installed Linux/...
systems, that means the browser will go directly to the Apache
'It Worked!' confirmation page put in by the installation -- so
we get the blame for the crack attempt.
If they're going to force-feed the browser, it shuld be with
something less harmful and more useful, like the ARIN lookup
for the address.
Does any of the resident flatware (or bentware, if M Geller has
been around) here have any contacts at, say, Norton, or
Network ICE, or whomever makes 'Intruder Alert'? I'd like a
word with them about responsible behaviour..
-- #ken P-)}
Ken Coar <http://Golux.Com/coar/> Apache Software Foundation <http://www.apache.org/> "Apache Server for Dummies" <http://Apache-Server.Com/> "Apache Server Unleashed" <http://ApacheUnleashed.Com/>
This archive was generated by hypermail 2b29 : Sat Apr 22 2000 - 04:22:10 PDT