Sent: Friday, May 11, 2001 1:17 PM
Subject: Re: [cobalt-security] PortSentry/Active System Attacks
> I strongly disagree. While it is not "illegal" to portscan some else's
> systems (depending on the country you live in), it is generally indicitive
> of something happening on the source machine. Nothing may happen to you,
> but I'm sure that the source administrator would appreciate hearing that
> one of his boxes is doing portscans. By letting him know, you have
> possibly stopped the problem before it gets to you.
: everybody as he sees fit. But IF I'd report each and any portscan to the
: admin of the originating network(s) I'd do nothing else the whole day. Today
: has been a quite day. I've been portscanned five times so far in the last 19
: hours, all from different networks. And there were seven or eight attempts
to
: access port 111. All of them were firewalled by Portsentry with IPChains.
This seems to be a question for each individual. When I see my box getting
scanned,
I find out who it is then, depending on factors like who it is, what country
and other
information like the registered e-mail addys for the offending ISP, I just use
a gut-feeling.
I don't believe that never OR always are good solutions. Trust your instinct.
Weird,
usually the ones I do report seem VERY interested in my report. Also, it
depends on
WHICH port they scanned - know your ports/why this port is getting scanned.
Dave~
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
