This response is unacceptable. It seems to me that if my neighbor complains that my kid is trying to find out whether he locks his doors at night, then I have a responsibility to take appropriate measures. Likewise, if I were to find that one of my users were probing the security at clear.net.nz, they could reasonably expect me to take some action (and I'm pretty sure that it would be a high priority). At the very least it would seem courteous to alert the user that something is amiss; as I understand it, BO can be running and the user can be unaware of it. I don't know what New Zealand's laws regarding computer security are, however this is an international company with strong presence in Australia. I'm sure that we could learn something about them if necessary. If this probing of my network from clear.net.nz continues, I will be forced to explore my options, including denying all access from your network to mine. Chris Knox Security Administrator Hypercom Corporation According to CLEAR Net Abuse Team: > From [EMAIL PROTECTED] Thu Jul 1 20:10:05 1999 > Date: Fri, 02 Jul 1999 16:09:43 +1300 > To: Chris Knox <[EMAIL PROTECTED]> > From: CLEAR Net Abuse Team <[EMAIL PROTECTED]> > Subject: Back Orifice (was Re: Possible Scan Originating from your > domain) > > > Thanks for reporting incident of Back Orifice scans that may have > emanated from our network. > > > As with any other kind of network based attack, we maintain that it is > the responsibility of the end user or their system administrator to > maintain security and integrity of their systems. > > > If your firewalls discarded BO scans, then they are doing their job. We > don't consider it worth investigating. > > > Sincerely, > > T Murugesh > > Clear Net Abuse Team > > > At 04:56 PM 30/6/99 -0700, you wrote: > > > > > >While dredging my firewall logs I discovered the appended lines. The > >destination address (dstaddr=) is my web server, www.hypercom.com. I > >can't say that some is up to no good, but it does appear that someone > >is rattling my doorknob. I'd appreciate your investigating. > > > >All times are Mountain Standard Time, GMT -7. > > > > > >Jun 28 19:24:04 firewall kernel: securityalert: no match found in > forward screen: TCP if=eb2 srcaddr=203.167.198.37 srcport=80 > dstaddr=208.248.230.4 dstport=1198 > > >Jun 28 19:24:05 firewall kernel: securityalert: no match found in > forward screen: TCP if=eb2 srcaddr=203.167.198.37 srcport=80 > dstaddr=208.248.230.4 dstport=1200 > > >Jun 28 19:24:08 firewall kernel: securityalert: no match found in > forward screen: TCP if=eb2 srcaddr=203.167.198.37 srcport=80 > dstaddr=208.248.230.4 dstport=1201 > [etc.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
