Just caught a CalPoly machine scanning for a backdoor... UPDATE!

WoundedWallet

Platinum Member
Oct 9, 1999
2,325
0
0
I usually receive many scans on my DSL connection, but this one came in for my earthlink dial-up.

It was for "Backdoor-g-1 (1243)" service and the remote address was for a machine inside CalPoly Pomona 134.71.52.100

If you want to see here is the print screen

I know there is a site collecting IPs for offending script kiddies, but they are a pain to make a report.

I think I should contact CalPoly to tell them they have a Zombie. But should I contact anybody else? If so, who?
 

jimmygates

Platinum Member
Sep 4, 2000
2,134
2
81
Cow Poly Pomona...heh I used to live 5 minutes away from there...



See if you can find the housing director and contact him.


P.S. You live anywhere near Walnut? I grew up there


-Jimbo
 

WoundedWallet

Platinum Member
Oct 9, 1999
2,325
0
0
I just sent an email to the Domain Name coordinator and to the President. I figure once he sees that the president was CCed, he will try to do something about it.

No I don't live near Pomona, I'm on the west side.
 

amnesiac

Lifer
Oct 13, 1999
15,781
1
71
Nice. Keep us posted on the outcome of this. I'd like to see that retard wannabe h4x0r caught. Stupid nerds don't have anything better to do than poke around in other people's stuff.. sheesh..
 

bUnMaNGo

Senior member
Feb 9, 2000
964
0
0
heh I help run a linux server at nubi-net (a pc gaming center in Rowland Heights) and some fegs decided it would be fun to run an rcon exploit on our server. now I have 100's of logs full of this:

L 02/04/2001 - 20:09:02: Bad Rcon from "24.41.43.39:27001":"(rcon "ADT""sayADT&quot"
L 02/04/2001 - 20:09:02: Bad Rcon from "24.41.43.39:27001":"(rcon "ADU""sayADU&quot"
L 02/04/2001 - 20:09:02: Bad Rcon from "24.41.43.39:27001":"(rcon "ADV""sayADV&quot"
L 02/04/2001 - 20:09:02: Bad Rcon from "24.41.43.39:27001":"(rcon "ADW""sayADW&quot"

needless to say, I did an nslookup on it, and lo and behold- a Charter/Earthlink cable modem subscriber in Walnut or West Covina. I emailed abuse@earthlink.net but so far all I've gotten is an autoresponse. btw jimmygates I used to live in Diamond Bar. Well I still do but I go to school up in Santa Cruz
 

WoundedWallet

Platinum Member
Oct 9, 1999
2,325
0
0
I finally received a very laconic answer from some unthankful bureaucrat.

"this is a student in one of our dorms. I received a number of reports this morning of suspicious activity originating from this address, and the connection has been deactivated pending further investigation."

One would think that a CalPoly student would know better... But then maybe not, if the answer I got represents the school's philosophy.
 

Deicide

Banned
Mar 5, 2000
376
0
0
What the hell do you want them to do? Shoot the kid? Cutting off his net connection sounds like a good solution to me, they're not going to kick him out for scanning somebody.
 

PattySmear

Banned
Feb 4, 2001
84
0
0


<< "this is a student in one of our dorms. I received a number of reports this morning of suspicious activity originating from this address, and the connection has been deactivated pending further investigation." >>




Hah talk about inflated ego.

Realize that your lone system barely registers a blip on their radar screen.
 

Cheapster

Senior member
Dec 31, 2000
238
0
0
I had a similar problem but couldn't get a good response after emailing the coordinator about the abuse.
 

Napalm381

Platinum Member
Oct 10, 1999
2,724
0
0


<< Hah talk about inflated ego >>

It has nothing to do with his ego. He was reporting a student using university bandwidth to perform unscrupulous, if not illegal, activity. What's egotistical about reporting criminals?
 

PattySmear

Banned
Feb 4, 2001
84
0
0


<< It has nothing to do with his ego. He was reporting a student using university bandwidth to perform unscrupulous, if not illegal, activity. What's egotistical about reporting criminals? >>



I thought my post was pretty straightforward. Let me explain it to you.

The "inflated ego" comment was directed to his dissatisfaction with the University's more than adequate response. It seemed like he wanted the University to dish out even more punishment to the student, hence the "inflated ego" comment. Understand?

 

Napalm381

Platinum Member
Oct 10, 1999
2,724
0
0
His use of the term "laconic" was quite appropriate and unegotistical. The response is of the "thanks, we're clueless" attention, too often seen of indifferent sysadmins.
 

PattySmear

Banned
Feb 4, 2001
84
0
0


<< His use of the term "laconic" was quite appropriate and unegotistical. The response is of the "thanks, we're clueless" attention, too often seen of indifferent sysadmins. >>




The fact that the original poster expected anything more than a concise reply is evidence of his inflated ego. What more does he want, a junior g-man badge?


 

Thanatopsis

Golden Member
Feb 7, 2000
1,464
1
0
Pattysmear, you remind me of another fanatic liberal that went by the name of 2ndhandnews.

I didn't really think that WoundedWallet's post called for a flame. Just saying

<< Realize that your lone system barely registers a blip on their radar screen. >>

would have been sufficient.
 

PattySmear

Banned
Feb 4, 2001
84
0
0


<< I didn't really think that WoundedWallet's post called for a flame. >>




Woah! I haven't even begun to flame, nor do I intend to due to the number of thin skinned members 'round these parts.
 

jmcoreymv

Diamond Member
Oct 9, 1999
4,264
0
0
And since when was port scanning illegal? That's right, it's not, deal with it, we all get port scanned.
 

Napalm381

Platinum Member
Oct 10, 1999
2,724
0
0
(1) Port scanning, while not illegal, is certainly not an activity that most college students have any legitimate reason to do.

(2) Although I am not sure, I would suspect that the university has firm rules against using the university network for such shady activities.

Don't confuse "thin-skinned" with "people who attempt to discuss things in a generally rational manner". When you use such derogatory language, be prepared to be treated accordingly.
 

Jmman

Diamond Member
Dec 17, 1999
5,302
0
76
Most people detect port probes through software firewalls like Blackice Defender or others. I must get scanned 50 times a day. It pretty much is a waste of time trying to do anything about it since it happens so often.... Of course I do have a firewall myself though!!
 

WoundedWallet

Platinum Member
Oct 9, 1999
2,325
0
0
Patty,
as you and Deicide assumed incorrectly, I wasn't expecting an answer with explanations of their actions. But I did expect a "thank you" at the end of the note.

If you consider expecting a thanks to be an ego problem, then you're right. But in my world it's just a sign of politeness. A trait that many people don't have anymore, including you.

jmcoreymv,
port scanning is not illegal as you said. But it is known that our Universities were and possibly still are being used in DDoS attacks. My original message to the school was for them to check to see if one of their machines was compromised. I didn't think that it was a lone stupid kid fishing around. But apparently there are many stupid kids around.
 