RE: Scans from proxyprotector.com

["Rob Shein" <shoten () starpower net>]

What do you do when someone decides to spoof a ton of scanning activity from
someone they dislike, to get them on the list?  If you only react to full
connect scanning, you won't catch many bad guys, but if you don't require
handshaking, you become a great tool for the abuse of others.  

-----Original Message-----
From: Mark Ng [mailto:laptopalias1-mark () informationintelligence net] 
Sent: Tuesday, May 27, 2003 6:10 AM
To: Justin Pryzby; Kurt Seifried
Cc: incidents () securityfocus com
Subject: RE: Scans from proxyprotector.com



> Or a site that lists hosts that should be blocked?  Like the dynamic 
> email blocking: just cron a daily download and firewall rule update.
>
> Anyone up for this?

I'd be up for lending a helping hand in a project such as this - it might
take some brave soul to host it though.  I would say you'd *definitely* need
a lawyer on hand though to write a fairly waterproof usage policy.  Any
lawyers on list who would help out ?

> Justin Pryzby
>
> > Great. So that only took 2 weeks. Stellar. Does anyone know of
> a site that

Like the guy later on said - I suppose we should at least be thankful that
they did anything at all.  Although it appears sending mail to abuse@ didn't
, and probably wouldn't have helped at all.

Regards,


Mark Ng (www.informationintelligence.net)


----------------------------------------------------------------------------
----------------------------------------------------------------------------




----------------------------------------------------------------------------
----------------------------------------------------------------------------