echo: mystic
to: Todd Yatzook
from: Bradley D. Thornton
date: 2019-09-10 21:26:00
subject: Re: Has anyone received o

  Re: Re: Has anyone received one of these?
  By: Todd Yatzook to Bradley D. Thornton on Thu Sep 05 2019 10:55 am

 > On 05 Sep 2019, Bradley D. Thornton said the following...

 >  BD> It was kind of a shocker. I've had customers who were bad actors before and had to whack their services and accounts, but I've never gotten
 >  BD> something that pretty much insists that I close an open port on one of my machines.

 > I'd suggest that they review what a BBS is, and point them to various sites of BBS-related material on the internet, showing that while telnet is
 > *technically* a way for people to acquire passwords and such, it's a medium that
 > also relies on closed systems and "security through obscurity".

 > Just sounds like you got caught up in a sweep that checks for open port vulnerabilities, with an automated response. I'd still follow up on a
 > response, though.

Okay here's an update on that :)

I opened a ticket with my upstream, they came back and gave me a real (as 
opposed to a noreply) email address and said to contact the agency (no pun 
intended) directly. Here's the exchange with them (tl;dr is that everything 
worked out):




Dear Bradley D. Thornton,

thanks a lot for your detailed feedback!

We have now whitelisted 95.216.171.182 for telnet reports.


Kind regards
Team CERT-Bund

--
Bundesamt für Sicherheit in der Informationstechnik (BSI)
Federal Office for Information Security
Referat OC 23 - CERT-Bund
Section OC 23 - CERT-Bund
Godesberger Allee 185-189
53175 Bonn, Germany
Tel: +49 (0)228 99 9582 5110
Fax: +49 (0)228 99 9582 7025
Web:
https://www.bsi.bund.de/CERT-Bund/
https://www.bsi.bund.de/EN/CERT-Bund/
PGP & S/MIME:
https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Aktivitaeten/CERT-Bund/Kontakt/kontakt_node.html
https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/Contact/contact_node.html

Am 09.09.2019 13:10 schrieb Bradley D. Thornton:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello,
>
> I received the attached letter via email three days ago from your abuse
> department, via my provider, Hetzner.de
>
> I do indeed run a service via telnet, over IPv4 as well as IPv6. It is
> a BBS system and telnet on port 23 is standard for BBSes, and also, port 23
> is assigned as such by IANA, for telnet purposes specifically, and as
> a legitimate service for forward facing Internet services.
>
> I do appreciate the concerns of the German Federal Office for
> Information Security (BSI), am quite aware of the potential for abuse
> in OTHER circumstances, but the BBS does not permit shell access to
> the system in any way and further, the daemon drops privs to a regular
> user following start up and operates in a chrooted dosemu environment
> itself.
>
> This is perfectly normal, legitimate, and an accepted (and safe)
> practice, and there are no documented cases of system compromise that
> I or any other BBS SysOPs that I have discussed this with are aware of
> historically, for services configured in the way explained above.
>
> I would, however, like to thank you for bringing this to my attention,
> it reinforces my confidence in your commitment to proactive management
> in safeguarding the assets service providers such as myself, and
> please feel free to add this particular port number for my IP address
> (95.216.171.182:23) to your white list.
>
> Thank you in advance, for your assistance in this matter, and do feel
> free to contact me directly if you have any further questions.
>
> Kindest regards,
> - --
> Bradley D. Thornton
> Manager Network Services
> http://NorthTech.US
> TEL: +1.310.421.8268
> -----BEGIN PGP SIGNATURE-----
> Comment: Find this cert at hkps://keys.openpgp.org
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> -----END PGP SIGNATURE-----
>



Well I just thought that I'd share that with everyone :)

Kindest regards,

Bradley

.
--- SBBSecho 3.09-Linux
                                              
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

SOURCE: echomail via QWK@dmine.net
