[ale] OT:rumors of Chinese attacks
Michael H. Warfield
mhw at wittsend.com
Fri May 4 15:19:25 EDT 2001
On Fri, May 04, 2001 at 02:25:19PM -0400, Sage wrote:
> Just curious...anyone on the list heard of any rumors to the effect
> that supposedly, Chinese crackers, en masse, are supposed to
> start trying to break into US systems, creating havoc and mayhem?
> Perhaps this has been seen on a hoax list somewhere?
> Like I said, just curious.
A view from someone with a ringside seat at ground zero... It's
real. I just had to process a list of addresses and site names from several
hundred compromised sites just from the last couple of days. I know of
a few people who are working on spreadsheets to show the attacks from both
sides against the other and the results. I was requested to compile a list
of netblocks assigned to China, Hong Kong, and one other location. "Rumor"
has it that my lists are now in use by a major government agency in tracking
some of this (for the record, CN has 67 netblocks, the largest of which is
a /11. HK has 170 netblocks, the largest of which is a /15 - all of this
is public information if you know where to look).

Seems to be a lot of attention being paid to IIS attacks,
particularly the Unicode attack. Linux doesn't escape unscathed as
the L1on worm is largely viewed as an opening shot across our bow there
too (L1on was fed from a CN server). We are now starting to see some
evidence of scanning for the IIS 5.0 ISAPI printer vulnerability in
Windows 2000 as well. It's a jungle out there. Keep your systems up to
date. SERIOUSLY!
> -Sage
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!