[Dshield] Fw: NTL Support/Abuse Staff

Johannes B. Ullrich jullrich at euclidian.com
Thu Aug 30 00:57:55 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  It is not an uncommon complaint that we once in a while 'catch' a proxy
in our database. In particular with Code Red being in everyones mind. I
will hopefully soon find the time to implement some of the proxy checks
for the alert pages.

  However, one question to ISPs that use proxies: Why not filter Code Red
requests? Also, quite frequently I find that these proxies are configured
'open'. This way, everyone in the world can use them to hide their tracks.

> 5. The web proxies get listed as attackers.

  If they are not the attacker themselfe, they at least hide their
identity and this should be fixed.


- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7jY+VVOIizK5pIDMRArJiAJ9beUnRacvbIZsKBF6UHTCs5FeA5ACgzARJ
n+5UC9POe4Sb9xNqoTCWdRA=
=0UcR
-----END PGP SIGNATURE-----




More information about the list mailing list