From panzer@dhp.com Thu Mar 14 01:59:24 1996
Date: Wed, 13 Mar 1996 03:58:20 -0500 (EST)
From: Matt 'Panzer Boy' <panzer@dhp.com>
To: CERT Coordination Center <cert@cert.org>
Cc: cert@cert.org, admin@dhp.com
Subject: Re: CERT#6564 - Re: Attempted-entry-in.telnetd-by-unknown@dhp.com 

On Tue, 12 Mar 1996, CERT Coordination Center wrote:
> It has been our experience that innocuous telnet probes often turn
> out to be part of a larger attack; although that obviously is not
> always the case. We would encourage you to check your systems for
> any sign of compromise. We can provide you with additional
> information on checking your systems if you are interested.

If it is your opinion that telnet probes often turn out to be part of a
larger attack, then perhaps you feel that telephone salespeople are more
likely to be burglars probing the house to see if people are home.

I feel that having automated mail on some ports is completely insane.
If the owner of the machine wishes to log all incoming, and deal with them
on a case by case basis, I see no problem.  However, in this day, people
are likely to believe unsecured email with "root@host.com" about how a
user has done something illegal, when they shouldn't be.

I've had naive friends of mine get in trouble and one even lost his job
over things like this.  Users on IRC tell someone else to "telnet all.net"
because it has a MUD running on it.  The user does it, that user's Admin
gets email about an "Illegal Intrusion".  If the Admin isn't completely
clued in, the user will most likely lose their account.  None of this is
called for.

We've already checked my system for breakins.  We currently have none 
discovered.

> If you feel that Mr. Cohen's concern is unwarranted we would encourage
> you to make him aware of your reasoning. If you feel additional action
> needs to be taken, we would encourage you to contact the service provider
> of ALL.NET and make them aware of this activity.
When I made him aware of my reasoning he sent mail into CERT.  My 
followup to that message went to CERT also, along with his provider.

If you require any information on this, feel free to contact me.  I
feel that this incident is closed on my end.

 -Matt     (panzer@dhp.com)                         DI-1-9026
 "That which can never be enforced should not be prohibited."

