Security Incidents mailing list archives
Re: A port scan is not an Incident (was No one wants responsibili ty)
From: Paul Franson <pfranson () VIROLOGIC COM>
Date: Wed, 20 Sep 2000 12:50:37 -0700
Most of what I've seen from you on this list has been reports from your copy of BlackICE. Port scans, in and of themselves, do not warrant being reported as hacking/intrusion attempts. Have a heart folks. Scanning might be annoying, but that's it. It's part of being on the net.
Man, I really have to disagree with just about everything in that paragraph. 1) Any more, 9 out of 10 port scans represents a script kiddie that has taken over a machine and is using it to find another. As a network administrator, I most certainly want to know if people are seeing a machine under my control performing these scans. If you guys EVER see a port scan coming out of a network I own, please, please let me know. 2) The activity in question has but one purpose, to find a computer to be exploited. Semantic/legal arguments abound on this subject, but many of us feel that intent to commit a crime constitutes a crime. In many localities, unauthorized intrusions into a computer network represent a crime. If I see someone repeatedly driving down my street looking for houses to rob, the police tell me I should report it as suspcious activity. If I see someone hanging around a school yard in a trenchcoat in the middle of summer looking at the little girls (or boys) on the playground, I think I should probably report that too. Define, please, the difference. If the job of policing your network is too hard for you, perhaps you are understaffed or in the wrong occupation. 3) It's only part of being on the net if we allow it to become so. See SPAM for a comparison -- "Just hit delete" means that everyone with a herbal suppliment to sell gets to flood my mailbox with relative impunity. "Just write it off as being part of the net" means that I can never be sure of my network's security. I will never accept that. 4) My network is my (or my company's) property. Intrusions and intrusion attempts are tresspassing. I reserve the right to allow my dobermans to bark at people trespassing on my property.
Current thread:
- Re: A port scan is not an Incident (was No one wants responsibili ty) Paul Franson (Sep 21)