Security Incidents mailing list archives
Re: Scans... (was Re: 3 Solaris reboot in 3 days)
From: mixter () 2XS CO IL
Date: Wed, 2 Aug 2000 02:43:20 +0300
Our company was doing a test scan of a class A network, 195.0.0.0/8 for dns server versions. Of course we never have or will probe intensively single private networks specifically without their permission. Also, a non-intrusive querying for bind versions, to get a better perspective of security by gathering demographic data of the used bind versions (with bind being arguably the most often exploited service recently).

After our scan of some 16.581.375 addresses for just this information, all that we have received were 3 requests to explain our activity, which we promptly did.

I noticed you mention BlackICE on Windows 98. From my experience, it is a very sensitive type of IDS, that can create extensive log entries, for example "DNS port probe" for just receiving an udp/53 packet, and "BIND version request" in addition to the first notice. That might be why you originally considered this incident more than a simple version query.

-------------------------------------------------
Personally expressed opinions do not necessarily represent the opinions of 2XS Limited.
-------------------------------------------------
Mixter
2xs LTD.
Tel: 972-9-9519980
Fax: 972-9-9519982
Mail: mixter () 2xs co il
Web: http://www.2xs.co.il
-------------------------------------------------
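As an added illustration that is not part of the original message: a per-packet classifier of the kind an IDS could use to label a udp/53 payload once, as either a BIND version query or an ordinary query, instead of raising a generic port-probe alert plus a version-request alert. It assumes the version query takes the usual CHAOS-class TXT form for `version.bind`; the packets and source addresses are constructed.

```python
import struct
from collections import Counter

CLASS_CH, TYPE_TXT = 3, 16          # DNS CHAOS class, TXT record type
VERSION_NAMES = {"version.bind"}    # assumption: the usual BIND version name

def parse_question(payload: bytes):
    """Return (qname, qtype, qclass) of the first question, or None."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:        # a response, or no question
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                       # ran off the end of the packet
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return None                       # pointer or truncated label
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), qtype, qclass

def classify(payload: bytes) -> str:
    q = parse_question(payload)
    if q is None:
        return "malformed-or-response"
    name, qtype, qclass = q
    if qclass == CLASS_CH and qtype == TYPE_TXT and name in VERSION_NAMES:
        return "bind-version-query"
    return "ordinary-query"

def summarize(events):
    """One count per (source, label): each packet yields exactly one label."""
    return Counter((src, classify(payload)) for src, payload in events)

# Constructed sample packets and documentation-range source addresses.
HEADER = bytes.fromhex("123401000001000000000000")
VERSION_Q = HEADER + b"\x07VERSION\x04bind\x00" + b"\x00\x10\x00\x03"
ORDINARY_Q = HEADER + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01"
EVENTS = [("192.0.2.10", VERSION_Q), ("192.0.2.10", ORDINARY_Q),
          ("192.0.2.77", VERSION_Q), ("192.0.2.77", b"\x00\x01")]

if __name__ == "__main__":
    for (src, label), n in sorted(summarize(EVENTS).items()):
        print(f"{src:12} {label:22} {n}")
```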
Current thread:
- Scans... (was Re: 3 Solaris reboot in 3 days) Pierre Vandevenne (Aug 01)
- Re: Scans... (was Re: 3 Solaris reboot in 3 days) mixter (Aug 02)
- Re: Scans... (was Re: 3 Solaris reboot in 3 days) Pierre Vandevenne (Aug 02)
- Re: Scans... (was Re: 3 Solaris reboot in 3 days) Ben Laws (Aug 02)
- Re: Scans... (was Re: 3 Solaris reboot in 3 days) mixter (Aug 02)