On 15:52 25 Jan 2002, Brenden Walker <[EMAIL PROTECTED]> wrote:
| I've noticed quite a few computers trying to access files/directories on my
| FTP server that don't exist with the obvious intent to break in (cgi-bin,
| /winnt/system32 and the like). I'm not worried about these lame attempts,
| just wondering if I should send off an e-mail to the domain admins (root@ or
| abuse@). I suspect this is somebody running some form of scanning script.
|
| Any opinions? (I know, you guys don't usually share opinions ;-)..

My opinion is that if it's a single source making a really serious attempt to hack you, then sure. However, going after CGIs on FTP sites is truly stupid, and reaching for winnt system files seems like automated probing - my vote also goes to the poor virus-infected victim.

Also, there's a bazillion script kiddies out there and it's a waste of time chasing them all. Further, it exacerbates the lamentable lynch-mob mentality becoming more widespread, rather than encouraging security.

My preference is to make sure your system is secure, and keep an eye on the logs for real attacks and just laugh at the "noise". And remember when looking at logs: the "request denied" entries are interesting to see what's going on out there, but the "request accepted" entries are the places where your weaknesses may be actually exploited and deserve the real scrutiny.

--
Cameron Simpson, DoD#743 [EMAIL PROTECTED] http://www.zip.com.au/~cs/

Fear not the evil men do in the name of evil, but heaven protect us
from the evil men do in the name of good.

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
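
The log-reading advice in the reply above, as an added example that is not part of the original thread: denied requests are tallied per source as background noise, while accepted requests are flagged for review when they hit a probe-like path or come from a source that was also denied. The log layout, the sample lines, and the names `parse`, `triage` and `PROBE_RE` are assumptions made for illustration, not a real FTP daemon's format.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed, simplified layout (not a real FTP
# daemon's log format): timestamp, source, command, path, result.
SAMPLE_LOG = """\
2002-01-25T15:01:10 192.0.2.10 RETR /cgi-bin/test.cgi denied
2002-01-25T15:01:11 192.0.2.10 RETR /winnt/system32/cmd.exe denied
2002-01-25T15:01:12 192.0.2.10 CWD /cgi-bin denied
2002-01-25T15:04:30 198.51.100.7 RETR /pub/README accepted
2002-01-25T15:09:02 203.0.113.5 CWD /winnt/system32 denied
2002-01-25T15:12:44 203.0.113.5 RETR /pub/private/accounts.db accepted
2002-01-25T15:13:01 198.51.100.7 STOR /incoming/report.txt accepted
2002-01-25T15:20:17 198.51.100.9 CWD /cgi-bin accepted
this line is malformed and is skipped
"""

# Path components named in the thread as typical automated probes.
PROBE_RE = re.compile(r"(^|/)(cgi-bin|winnt)(/|$)", re.IGNORECASE)
FIELDS = ("time", "src", "cmd", "path", "result")

def parse(log_text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[4] in ("accepted", "denied"):
            entries.append(dict(zip(FIELDS, parts)))
    return entries

def triage(log_text):
    """Split a log into denied noise per source and accepted entries to review."""
    entries = parse(log_text)
    noise = Counter(e["src"] for e in entries if e["result"] == "denied")
    scrutiny = []
    for e in entries:
        if e["result"] != "accepted":
            continue
        reasons = []
        if PROBE_RE.search(e["path"]):
            reasons.append("probe-like path was accepted")
        if noise[e["src"]]:
            reasons.append("source also has denied requests")
        if reasons:
            scrutiny.append((e["src"], e["cmd"], e["path"], reasons))
    return noise, scrutiny

if __name__ == "__main__":
    noise, scrutiny = triage(SAMPLE_LOG)
    print("denied (noise) per source:", dict(noise))
    for src, cmd, path, reasons in scrutiny:
        print(f"REVIEW {src} {cmd} {path}: {'; '.join(reasons)}")
```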