Abstract
Our security gateway to the Internet, research.att.com provides
only a limited set of services. Most of the standard servers have
been replaced by a variety of trap programs that look for attacks.
Using these, we have detected a wide variety of pokes, ranging
from simple attemps to log in as "guest" to forged NFS packets.
We believe that many other sites are being probed but are unaware
of it: the standared network daemons do not provide administrators
with controls and filters or with the logging necessary to detect
attacks.