1.  Home
  2. MIDRANGE-L
  3. May 2015

RE: What Can You Do?

1. Get an IPS, (Intrusion Prevention System) module for your firewall. It will detect and stop the attacks.
2. Why is your telnet open? If for business partners, they should have a fixed IP and only allow them in based on IP. If for employee's get a VPN solution and make them establish VPN and close telnet in your firewall.


--
Chris Bipes
Director of Information Services
CrossCheck, Inc.

707.665.2100, ext. 1102 - 707.793.5700 FAX
chris.bipes@xxxxxxxxxxxxxxx
www.cross-check.com

Notice of Confidentiality: This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information.  If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited.  If you have received this e-mail in error, please immediately notify me by e-mail (by replying to this message) or telephone (noted above) and permanently delete the original and any copy of any e-mail and any printout thereof.  Thank you for your cooperation with respect to this matter.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rich Loeber
Sent: Wednesday, May 20, 2015 12:01 PM
To: Midrange Systems Technical Discussion
Subject: What Can You Do?

I regularly see and capture information about attempts to gain access to
my system. This month, I've seen a repeated attempt by someone to gain
access by establishing a Telnet session. So far, our software has
successfully rebuffed every access attempt. Because of the pattern, it
appears to me that someone is specifically targeting our IBM i server.
Every attempt consists of 27 attempts to establish a Telnet session, none
of which are successful. Then, the process repeats itself several hours
later. The IP addresses are from all over the place from RIPE in The
Netherlands to APNIC in Brisbane, Australia and from Time Warner, Comcast
and more.

I thought I'd notice law enforcement to see if something can be done
before damage happens and it turns out that there is NOTHING that can be
done. This is clearly malicious in intent but since no crime has been
committed, nobody can do anything about it. I checked with the local
police and the state police and I get the same response from both. I
suppose I could call the FBI, but I suspect they will sing the same song.

So, my question is, is there anything that you can do when you see this
kind of activity? Is there any agency that would respond?

The state police offered to take my system and audit it for me, but that
is just not an option.

Is this the state of protection from cybercrime?

Rich Loeber - @richloeber
Kisco Information Systems
[1]http://www.kisco.com

References

Visible links
1. http://www.kisco.com/

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.