Re: [cobalt-users] portsenty

[Glenn Parsons <gparsons@xxxxxxxxxxxxx>]

At 11:24 AM 2/20/2004 -0600, you wrote:
> On 2/20/04 9:00 AM, "Dan Kriwitsky" wrote:
>
> >>> I have been seeing a lot of attackalerts on our RAQ2 like
> >> this lately:
> >>>
> >>> Feb 20 04:42:32 admin portsentry[1312]: attackalert: Connect from
> >>> host: client302.gdal1.hawkcommunications.com/64.63.216.141 to TCP
> >>> port: 1080
> >
> > Anyway, I suggest taking the log and passing it to the
> > admin(s) at hawkcomms for a start. :)
> >
> > http://www.abuse.net/lookup.phtml?DOMAIN=hawkcommunications.com
>
> Has anyone ever had any luck or action taken from reporting these things. We
> do it occasionally when we have time, but seems like it is going into a
> Dev/Null file. Still see the kiddies attempting to find open ports or FTP
> spots for their warez.
> --
> Thanks!!
> David Thurman
> List Only at Web Presence Group Net

Nope. Extremely rare! In two years, I've received one response from AT&T 
about a mass spammer with malicious content sent. I was able to help in the 
investigation.

Sometimes you just have to maintain that blind faith that someone else out 
there wants to do their job as well as you, at least, want to.

Send the notice to abuse and NEVER take it personally if it gets no results.

The only other thing I can suggest is to immerse yourself in the hacker's 
and script kiddies' education and learn how to lob one back now and then.

Cheers!