Nmap Announce mailing list archives
Re: unauthorized scan from you
From: The Hermit Hacker <scrappy () hub org>
Date: Sat, 13 Feb 1999 19:44:50 -0400 (AST)
Hi Dave ... Thank you for the update. I'm going to resume the probes, now that *my* fears are now allayed also ... :) Once this initial bootstrap is done, then I'm only going to be re-probing those that were successful the first time through, minus any ones listed as ignored, plus those added manually by ppl around the 'Net... When it gets to that point, then those being probed either don't/won't care, or will have added/removed their own IPs... On Sat, 13 Feb 1999, Dave Matthews wrote:
Hi Marc, I just phoned the sysop on that machine, and found that he routinely sets eth0 to promiscuous mode for his own reasons. (Monitoring for SATAN-like probes, including yours.) No fault of yours or your software. Just happened to show up in the syslog at the same time. Sorry for the inaccurate alarm. I hope you and your nmap-hacker colleagues are aware of the distress these anonymous probes can cause amongst us less-hip sysops who don't and can't know what you're doing or why you're doing it. Some of us have professional responsibilities to maintain our internet servers online 24x7, on which our livelihoods depend. And don't have resources to hire a fulltime internet security crew to support that responsibility adequately. Thank you for your concern. You're a good man, my fears are allayed. - DaveHi Dave... Effective upon reading this email, I have shut down the probe until *I* can get further clarification on this as well. So far as *I* knew, there is no way that I, on this end, can force your ethernet ito promiscuous mode...it has to be done as root on the machine itself. I've CC'd this to the NMAP mailing list, hoping someone else can give a good explanation for this... ...if it is something that I've done, then the probe will be shutdown *permanently* effective now...I'm just confused as how it could be something I've done.
Marc G. Fournier Systems Administrator @ hub.org primary: scrappy () hub org secondary: scrappy@{freebsd|postgresql}.org
Current thread:
- Re: unauthorized scan from you The Hermit Hacker (Feb 13)
- <Possible follow-ups>
- Re: unauthorized scan from you Dave Matthews (Feb 13)
- Re: unauthorized scan from you The Hermit Hacker (Feb 13)