Re: [MLUG - DISCUSSION] network scanning?

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: EMAIL:PROTECTED
Subject: Re: [MLUG - DISCUSSION] network scanning?
From: Michael <EMAIL:PROTECTED>
Date: Sun, 1 Apr 2001 00:49:24 -0600 (CST)
In-Reply-To: <EMAIL:PROTECTED>
Reply-To: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED

I never have bothered to report scans/attacks to the ISPs themselves as it
is so easy to find a new ISP. I guess I can see alerting someone that
they've been infected but I've always had my doubts that they'd bother
responding if they don't do basic security logging and updates anyway. DoS
attacks now should always be reported. Those are a pain. :) Could it not
be considered defensive action to scan systems that come in contact with
your own on a frequent basis to verify they aren't security problems? I
often scan sites that I give my credit card number or other information I
consider sensitive.

*^*^*^*
Michael McGlothlin <EMAIL:PROTECTED>
http://www.kavlon.com

On Sat, 31 Mar 2001, Mikhail Kovalenko wrote:

> Mike, could you post an example of such a report? My machines get
> scanned on a regular basis, probes often coming in from several places
> at once:
> 
> Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> 209.225.26.99:8 (#12)
> Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> 216.33.46.132:8 (#12)
> Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> 64.69.165.251:8 (#12)
> Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> 209.225.26.99:8 (#12)
> Mar 26 17:37:26 kernel: Packet log: input DENY eth0 PROTO=1
> 64.69.165.251:8 (#12)
> Mar 26 17:37:26 kernel: Packet log: input DENY eth0 PROTO=1
> 216.33.46.132:8 (#12)
> 
> It's not illegal to scan just like it's not illegal to rattle doors in
> your apartment building. Some will be alarmed and some will not care.
> But you can annoy a lot of people, *especially* those who log every
> disallowed probe or connection attempt  :)  That could amount to a lot
> of logging and is probably not the best way to introduce yourself.

--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

Follow-Ups:
- Re: [MLUG - DISCUSSION] network scanning?
  - From: Mike Miller <EMAIL:PROTECTED>

Prev by Date: Re: [MLUG - DISCUSSION] network scanning?
Next by Date: Re: [MLUG - DISCUSSION] network scanning?
Previous by thread: Re: [MLUG - DISCUSSION] network scanning?
Next by thread: Re: [MLUG - DISCUSSION] network scanning?
Index(es):
- Date
- Thread