On Tue, 21 Dec 1999, Eric wrote:
> I'm getting kind of tired of sending reports of
> port scans and attempted break-ins to people who
> don't really seem interested in doing something
> about the problem. I always ask them to keep me
> informed about how they deal with those
> responsible, but very few have the courtesy to
> actually do so. It leaves me wondering if they
> did anything at all or if they just ignored the
> problem.

For a lot of places a scan isn't terribly important. For others,
notifying a 3rd party, even an aggrieved one, is a privacy violation that
they can't permit. That's the nature of the 'Net, and nothing is going
to stop it.

Some countries seem to have even allowed port scanning as legally
legitimate activity.

>
> So something else is needed.
>
> Suppose we set up a firewall that, when it detects
> a port scan, would spoof the source address and
> perform a port scan against the port scanner's ISP?
> That way, the ISP would see a port scan coming
> from one of his own customers and would be more
> likely to take an active interest in putting a
> stop to it.

In that case, they'd probably be more interested in putting a stop to
you, and you'd perhaps run afoul of the law if you hit one of their
customers' machines. I'd recommend against it. Also, if they source
spoofed, you'd be scanning a bunch of other networks that don't belong to
an attacker. If those were the right networks, you'd probably be in
court pretty quickly if anyone backtraced the traffic to your AS. I'd
highly recommend getting competent legal advice from an attorney with a
clue prior to initiating anything like this.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280