Security Incidents mailing list archives
Re: Annoy Those Sub7 Scanners.
From: H Carvey <keydet89 () YAHOO COM>
Date: Sun, 27 Aug 2000 13:10:44 -0700
Once a week? Hmm..
Yeah. By then the scroll bar on my EventLog window is getting pretty small.
If it's over a few minutes later, and the source was a dialup, you almost certainly just nmap'ed the wrong user, who may or may not retaliate with complaints or worse.
As a security consultant, I am well aware of this...the whole issue of even attempting to identify the true source of an attack (even before the DDoS attacks in Feb) is one that is best described as a well-beaten dead horse (although admittedly some just don't seem to get it). My nmapNT response is a hard-coded stealth scan of specific ports...so there is no issue of overwhelming bandwidth, even for the occaisional dialup user. I make no attempts to query further (with that particular script, anyway), even when I find an open portmapper or NetBIOS session port. So all in all, the script that retrieves source IP addresses from my snort alerts is fairly harmless. Retaliation? Not that I'm too concerned...I am aware of how my box is configured, and monitor it's health and welfare pretty religiously. Most of the scans seem to be from folks who have Win9x boxen, with the occaisional scan from a Linux box, owned and operated by one who undoubtedly is unfamiliar with the phrase "recompile your kernel", or what the /etc/inetd.conf file does... __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/
Current thread:
- Sub7/Open Telnet/Open Socks/DOS, (continued)
- Sub7/Open Telnet/Open Socks/DOS Ryan Yagatich (Aug 28)
- Re: Sub7/Open Telnet/Open Socks/DOS Valdis Kletnieks (Aug 28)
- Re: Sub7/Open Telnet/Open Socks/DOS Ryan Yagatich (Aug 29)
- Re: Annoy Those Sub7 Scanners. Doug Kahler (Aug 27)
- Re: Annoy Those Sub7 Scanners. Valdis Kletnieks (Aug 27)
- Re: Annoy Those Sub7 Scanners. Dan Hollis (Aug 27)
- Re: Annoy Those Sub7 Scanners. Greg A. Woods (Aug 28)
- Re: Annoy Those Sub7 Scanners. Snehal Dasari (Aug 28)
- Re: Annoy Those Sub7 Scanners. Dan Hollis (Aug 27)
- Re: Annoy Those Sub7 Scanners. Talisker (Aug 31)
- Re: Annoy Those Sub7 Scanners. Computer Vegetable (Aug 31)
- Re: Annoy Those Sub7 Scanners. Bryan Andersen (Aug 31)