Not to start a flame war here but I would imagine his suggestion was only
half serious.
I certainly understand how he feels. I am personally at the point where I
am really, really sick of all the wanna-be hackers out there running their
little script kiddies and probing my network. I'm quite sure most of them
wouldn't have a clue what to do if they really did find something but since
that is an assumption we can't afford to make, every single one has to be
taken seriously and that takes time I sure could spend on other, more
productive things. There seem to be phases to this business and I am in
the pissed-off stage right now.
I would never retaliate on a scan or even an attack, I can only imagine the
consequences of such action if it went wrong. However, I do dream about it
sometimes and wake up smiling.
Jim Edwards
P.S. I have had excellent results from sending my scan outputs to the
various abuse@isp addresses.
-----Original Message-----
From: Dan R Dunn -CTR [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 15, 2000 6:13 AM
To: John Stevenson
Cc: 'hermit1'; [EMAIL PROTECTED]
Subject: RE: [FW1] hacker 194.73.175.25
Now there's a real thoughtful, mature suggestion. If all of us ping bombed
everyone who scanned us every time we got scanned, nothing else would move on
the Internet. Not to mention ping bombing a site (better known as a Denial of
Service attack) is ILLEGAL in most civilized countries, including the US and
Britain. Can we say law suit? Possible prosecution? I hope you're not
expressing Southwest Security Group's official position on how to handle scans,
intrusion attempts, etc. Your suggestion is the most irresponsible thing I've
ever heard. I wonder what your ISP would think if they knew you advocated
retaliatory strikes against possible probes? Or maybe your CIO/CEO should be
informed of what you advocate. What you suggest makes you no better than the
hackers/crackers/script kiddies out there.
I'll get off my soapbox now.
For hermit1: If you can't get in touch directly with bt.net, contact their
up-channel ISP. You can usually get a response by sending an email to
[EMAIL PROTECTED] or [EMAIL PROTECTED]. NEVER attempt to retaliate against
a suspected probe. It could be an innocent misconfiguration, or as you
suggested, the source address may be spoofed, in which case you just nuked the
wrong source. Any retaliation, other than legal steps through proper channels,
only lowers us to the level of the slime out there that has nothing better to
do than to probe other people's networks.
-------------------------------------------------------------------------------
Daniel R. (Dan) Dunn, EE
Sr. INFOSEC Engineer, GRC Int'l (an AT&T company)
OSD-ITD Firewall Administrator
p: 703-614-8086, ext 300
The opinions expressed by the author are entirely his own, and
do not reflect those of AT&T, GRCI, Inc., or its subsidiaries,
nor do they reflect policy, opinion, or endorsement by the
US Department of Defense or any of its agencies.
-------------- In Response to --------------
From: John Stevenson <[EMAIL PROTECTED]> on 06/14/2000 04:29 PM
To: "'hermit1'" <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
cc:
Subject: RE: [FW1] hacker 194.73.175.25
PING BOMB THEM!
-----Original Message-----
From: hermit1 [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 14, 2000 2:54 PM
To: [EMAIL PROTECTED]
Subject: [FW1] hacker 194.73.175.25
This is relevant only because my FW-1 logs show me this problem, but
someone on this list must know the answer. I am trying to get in touch
with someone at bt.net (apparently in England) to get them to stop scanning
my address space (currently on scan number 4), or maybe someone is spoofing
their IP address. The email addresses listed in RIPE do not exist.
Any help will be appreciated.
hermit1
***************************************************
This is an email. Don't rely on anything seen here
as being accurate without testing it yourself.
***************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================