[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] PortSentry/Active System Attacks
- Subject: Re: [cobalt-security] PortSentry/Active System Attacks
- From: "Dave" <maxdoubt@xxxxxx>
- Date: Fri, 11 May 2001 15:38:15 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Sent: Friday, May 11, 2001 1:17 PM
Subject: Re: [cobalt-security] PortSentry/Active System Attacks
> I strongly disagree. While it is not "illegal" to portscan some else's
> systems (depending on the country you live in), it is generally indicitive
> of something happening on the source machine. Nothing may happen to you,
> but I'm sure that the source administrator would appreciate hearing that
> one of his boxes is doing portscans. By letting him know, you have
> possibly stopped the problem before it gets to you.
: everybody as he sees fit. But IF I'd report each and any portscan to the
: admin of the originating network(s) I'd do nothing else the whole day. Today
: has been a quite day. I've been portscanned five times so far in the last 19
: hours, all from different networks. And there were seven or eight attempts
to
: access port 111. All of them were firewalled by Portsentry with IPChains.
This seems to be a question for each individual. When I see my box getting
scanned,
I find out who it is then, depending on factors like who it is, what country
and other
information like the registered e-mail addys for the offending ISP, I just use
a gut-feeling.
I don't believe that never OR always are good solutions. Trust your instinct.
Weird,
usually the ones I do report seem VERY interested in my report. Also, it
depends on
WHICH port they scanned - know your ports/why this port is getting scanned.
Dave~