Nmap Announce mailing list archives

Re: unauthorized scan from you


From: The Hermit Hacker <scrappy () hub org>
Date: Sat, 13 Feb 1999 19:44:50 -0400 (AST)


Hi Dave ...

        Thank you for the update.  I'm going to resume the probes, now
that *my* fears are now allayed also ... :)

        Once this initial bootstrap is done, then I'm only going to be
re-probing those that were successful the first time through, minus any
ones listed as ignored, plus those added manually by ppl around the
'Net...

        When it gets to that point, then those being probed either
don't/won't care, or will have added/removed their own IPs...

On Sat, 13 Feb 1999, Dave Matthews wrote:

Hi Marc, I just phoned the sysop on that machine, and found that he
routinely sets eth0 to promiscuous mode for his own reasons.  (Monitoring
for SATAN-like probes, including yours.)  No fault of yours or your
software.  Just happened to show up in the syslog at the same time.  Sorry
for the inaccurate alarm.

I hope you and your nmap-hacker colleagues are aware of the distress these
anonymous probes can cause amongst us less-hip sysops who don't and can't
know what you're doing or why you're doing it.  Some of us have professional
responsibilities to maintain our internet servers online 24x7, on which our
livelihoods depend.  And don't have resources to hire a fulltime internet
security crew to support that responsibility adequately.

Thank you for your concern.  You're a good man, my fears are allayed.

- Dave


Hi Dave...

        Effective upon reading this email, I have shut down the probe
until *I* can get further clarification on this as well.

        So far as *I* knew, there is no way that I, on this end, can force
your ethernet into promiscuous mode...it has to be done as root on the
machine itself.  I've CC'd this to the NMAP mailing list, hoping someone
else can give a good explanation for this...

        ...if it is something that I've done, then the probe will be
shut down *permanently* effective now...I'm just confused as to how it could
be something I've done.








Marc G. Fournier                                
Systems Administrator @ hub.org 
primary: scrappy () hub org           secondary: scrappy@{freebsd|postgresql}.org 


