It would be useful data in determining intent. Is the attacking
machine itself compromised? That sort of thing. Also, in general, and
internal system that is displaying behavior X could probably use a scan.
--Bry
-----Original Message-----
From: Jack Solomon [mailto:[EMAIL PROTECTED]
Sent: Monday, March 08, 2004 9:09 AM
To: [EMAIL PROTECTED]
Subject: FW: Nessus and Snort
Would someone please explain the benefit of retaliatory scans? As a
white-hat, my responsibility is to protect our internal systems from risks
(virus, hacking, spamming, stupid users). While it would be interesting to
get into infowarfare, which is essentially what this is, I don't see the
gain.
>
>-----Original Message-----
>From: Hugo van der Kooij [mailto:[EMAIL PROTECTED]
>Sent: 05 March 2004 21:54
>To: [EMAIL PROTECTED]
>Subject: Re: Nessus and Snort
>
>
>On Fri, 5 Mar 2004, Jon Goode wrote:
>
> > Has anyone considered setting up snort to detect network scans from
>external
> > networks, then automatically having nessus 'retaliate' a scan and post
>the
> > results of the offending machine? Or could this loop? :)
>
> >From a legal point of view it would be illegal in most countries.
>(Enforcing it is another matter but I know Dutch crackers shouldn't try
>poking foreign sites as some of them found out the hard way.)
>
> >From a technical point of view it is likely you will try to hit the wrong
>people and effectively be part of the menace.
>
>Hugo.
>
>--
> All email sent to me is bound to the rules described on my homepage.
> [EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
> Don't meddle in the affairs of sysadmins,
> for they are subtle and quick to anger.
>_______________________________________________
>Nessus mailing list
>[EMAIL PROTECTED]
>http://mail.nessus.org/mailman/listinfo/nessus
>
>
>**************************************
>CONFIDENTIALITY NOTICE/DISCLAIMER
>
>This email and any attachments are confidential,
> protected by copyright/intellectual property rights and
>may be legally privileged. If you are not the intended
>recipient, dissemination or copying of this email is
>prohibited.
>
>If you have received this in error, please notify us by
>forwarding this email to the following address
> ( mailto:[EMAIL PROTECTED] ) and then
> delete the email completely from your system.
>
>This email and any attachments have been scanned for
>computer viruses by a market leading anti-virus system.
>However, it is the responsibility of the recipient to conduct
> its own security measures. No responsibility is accepted
> by Markel International Ltd. and/or its
>subsidiaries/service companies for loss or damage
> arising from the receipt or use of this email and any
>attachments.
>
>No responsibility is accepted by Markel International Ltd.
> and/or its subsidiaries/service companies for personal
> emails.
>
>Markel International Ltd, http://www.Markelintl.Com
>
>**************************************
>
_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today!
http://www.msn.co.uk/messenger
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
