Saturday, March 29, 2003

Friday went well, Brian resolved a few security issues by installing a new RH8 server, and I redesigned a spreadsheet I use to track attacks on our network. I detected a pattern of well-hidden probes, all using UDP - apparently someone is using the AOL.net name servers - the computers that tell AOL users where other network sites are when they look for them by name. These servers are being used to stealthily probe our firewall for holes. We have it locked down fairly well, but this is still not something you want to continue for long. It looked like 10-12 of these servers were being used at random, with random times between probes, so that you wouldn't notice the probes unless you sorted the list of attacks by source - then it shows up!

...And of course AOL will take no action, even though they admit that their servers are insecure and are being used in this manner. Go figure.
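The sort-by-source view described in this entry, written out as an added example that is not part of the original post: drops that look like scattered noise in time order are grouped by source, and sources that keep returning at long intervals are then bucketed by network to expose a rotating pool. The log tuples, thresholds, function names and addresses (documentation ranges) are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample of firewall drops (time, protocol, source, dest port).
# Addresses are documentation ranges, not real observations.
EVENTS = [
    ("2003-03-28 00:05:10", "UDP", "192.0.2.11", 1026),
    ("2003-03-28 00:41:55", "TCP", "203.0.113.77", 80),
    ("2003-03-28 01:58:31", "UDP", "192.0.2.14", 1027),
    ("2003-03-28 02:10:02", "UDP", "198.51.100.9", 137),
    ("2003-03-28 02:10:03", "UDP", "198.51.100.9", 137),
    ("2003-03-28 02:10:05", "UDP", "198.51.100.9", 137),
    ("2003-03-28 04:22:47", "UDP", "192.0.2.19", 1028),
    ("2003-03-28 06:03:12", "UDP", "192.0.2.11", 1029),
    ("2003-03-28 07:30:00", "UDP", "198.51.100.5", 53),
    ("2003-03-28 09:49:26", "UDP", "192.0.2.14", 1030),
    ("2003-03-28 11:17:08", "UDP", "192.0.2.19", 1031),
    ("2003-03-28 15:36:40", "UDP", "192.0.2.11", 1032),
    ("2003-03-28 18:02:59", "UDP", "192.0.2.14", 1033),
    ("2003-03-28 21:44:13", "UDP", "192.0.2.19", 1034),
]

def by_source(events, proto="UDP"):
    """Group one protocol's events by source IP, each group in time order."""
    groups = defaultdict(list)
    for ts, p, src, dport in events:
        if p == proto:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            groups[src].append((when, dport))
    return {src: sorted(hits) for src, hits in groups.items()}

def slow_probers(events, min_hits=3, min_gap_s=600):
    """Sources that keep coming back with long gaps between hits."""
    flagged = {}
    for src, hits in by_source(events).items():
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        if len(hits) >= min_hits and gaps and min(gaps) >= min_gap_s:
            flagged[src] = {"hits": len(hits), "ports": [p for _, p in hits]}
    return flagged

def source_pools(flagged, prefix=24):
    """Bucket flagged sources by network to expose a rotating pool."""
    pools = defaultdict(list)
    for src in sorted(flagged):
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        pools[str(net)].append(src)
    return dict(pools)
```

Calling `source_pools(slow_probers(EVENTS))` on the sample returns one /24 holding the three slow sources; the burst from 198.51.100.9 and the single hit from 198.51.100.5 are left out.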