> I can understand the logic of dropping the port, but there's some
> additional thought involved when looking at Port 22 - maybe I'm not
> well-read enough, but the bots I've seen that are doing SSH scans, etc,
> are not usually on Windows systems. I can figure them working on Linux,
> MacOS syste
On Sat, Mar 08, 2008, Mark Foster wrote:
>
> To me, at least half the users likely to be running either Linux or Mac
> are going to be the same users who're going to request they be allowed
> outbound SSH is the blocking of outbound SSH considered to be
> sufficiently useful that we're ad
Sorry if I wasn't more clear, but I'm not asking about inbound attempts, I'm
asking about the number of outbound attempts a host would perform.
Frank
-Original Message-
From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
Sent: Friday, March 07, 2008 11:41 PM
To: [EMAIL PROTECTED]
Cc: 'Mark Fos
Mark Foster wrote:
Port 22 outbound? And 23? Telnet and SSH _outbound_ cause that much of
a concern? I can only assume it's to stop clients exploited boxen being
used to anonymise further telnet/ssh attempts - but have to admit this
discussion is the first I've heard of it being done 'en ma
It varies widely. I see some extremely slow scans (1 SYN every 2-5
minutes). This is what someone on the SANS ISC page mentioned I believe.
I've also seen scans last for up to 10 minutes. The consistency of the
speeds made me think that perhaps the scanning computer was on a slow link.
T
While I don't do flow monitoring today, when monitoring for outbound spam
with Wireshark I have seen hosts systematically check all the hosts in the
block for an open SMTP port. I'm sure a lot more is going on that I don't
know. The patterns are obvious to the human observer -- too bad that suc
Dave Pooser wrote:
Half the Mac users? You think? I know a dozen or so sysadmins who use Macs,
[raises hand...]
and about a hundred users who wouldn't know SSH from PCP; I think that's
probably a slightly skewed sample considering I'm a Mac geek who hangs
around with Mac geeks, and I'd gues
I was quite surprised to see the large number of Mac laptops at
NANOG 42. I didn't do a formal count but it seemed like about 1/4
to 1/3 of the laptops in use were Macs.
...You know, now that you mention it, I was also quite impressed with
how many MacBook Pros there were in the room as we
On Saturday 08 March 2008, Justin Shore wrote:
> What kind of customer-facing filtering do you do (ingress
> and egress)? This of course is dependent on the type of
> customer, so let's assume we're talking about an average
> residential customer.
We supply to mid-to-small ISPs mostly, and sizeab