nanog mailing list archives
Re: Dynamic IP log retention = 0?
From: Joe Greco <jgreco () ns sol net>
Date: Fri, 13 Mar 2009 07:53:35 -0600 (CST)
On Thu, Mar 12, 2009 at 8:52 PM, Joe Greco <jgreco () ns sol net> wrote:Well most port scanning is from compromised boxes. Once a box is compromised it can be used for *any* sort of attack. If you really care about security you take reports of ports scans seriously.Yeahbut, the real problem is that port scanning is typically used as part of a process to infect _other_ boxes. If you allow this sort of illness to spread, the patient (that is, the Internet) doesn't get better.Port scanning is the Internet equivelant of the common cold. They're a dime a dozen. I recommend taking some Vitamin B and D. Block, and Drop.
No, it's more comparable to the jerk who not only doesn't stay at home with his cold, but actively walks around the workplace coughing and sneezing without covering his mouth/nose with a kleenex, spraying people. The reality is that it fails the "if everybody did this, would it be a good thing" test. While some "B&D" is common sense on the receiving end, this does not make it any more correct for the originating site to let it keep happening. If every PC on the Internet (conservatively, let's assume a billion devices that are sufficiently sophisticated that they could be infected) were to send you a single packet per day, you'd be seeing over 10,000pps. That should suggest that the behaviour is not something to be encouraged. My locking my doors does not mean it's okay for you to check if my door is locked. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- Re: Dynamic IP log retention = 0?, (continued)
- Re: Dynamic IP log retention = 0? Ross (Mar 12)
- Re: Dynamic IP log retention = 0? Joe Greco (Mar 12)
- Re: Dynamic IP log retention = 0? Ross (Mar 13)
- Re: Dynamic IP log retention = 0? Valdis . Kletnieks (Mar 13)
- Re: Dynamic IP log retention = 0? Ross (Mar 13)
- Re: Dynamic IP log retention = 0? JC Dill (Mar 13)
- Re: Dynamic IP log retention = 0? Joe Greco (Mar 14)
- Re: Dynamic IP log retention = 0? Mark Andrews (Mar 12)
- Re: Dynamic IP log retention = 0? Joe Greco (Mar 12)
- Re: Dynamic IP log retention = 0? Martin Hannigan (Mar 12)
- Re: Dynamic IP log retention = 0? Joe Greco (Mar 13)
- Re: Dynamic IP log retention = 0? Bobby Mac (Mar 13)
- Re: Dynamic IP log retention = 0? Valdis . Kletnieks (Mar 13)
- Re: Dynamic IP log retention = 0? Bill Stewart (Mar 13)
- Re: Dynamic IP log retention = 0? Charles (Mar 13)
- Re: Dynamic IP log retention = 0? Rob Evans (Mar 12)
- Re: Dynamic IP log retention = 0? JC Dill (Mar 12)
- Re: Dynamic IP log retention = 0? Bill Bogstad (Mar 14)
- Re: Dynamic IP log retention = 0? Neil (Mar 14)
- Re: Dynamic IP log retention = 0? Joe Greco (Mar 14)