I contact SysOps whenever I have a "suspicious" port scan...
For instance, if I have a failed connection to port 53 (I don't even run
DNS), then I can only assume that someone is trying to do a buffer overflow.
If I see (attempted) connections to anything I don't allow, or have limited,
I report it.
Most SysOps don't want people pulling this crap on their networks, and are
happy to look into the perceived problem - after all, who wants to be
thought of as the equivalent of APNIC?
Also, I figure it's better to catch some dumbass script-kiddie before he
gets into any real trouble...
> -----Original Message-----
> From: Heman Leopando [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, February 14, 2001 6:55 PM
> To: [EMAIL PROTECTED]
> Subject: RE: port scan reported by portsentry
>
> I remember reading an article (Slashdot, I believe) that a court in Georgia
> ruled portscanning as legal.
>
> I agree with this writer as to not panic over simple acts such as
> portscanning.
> Granted that security measures have to be implemented first, which should
> be standard practice anyway. Thorough research on vulnerabilities and
> reading through security mailing lists should be conducted frequently.
>
> my 2.5 cents... :)
>
> heman
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Denis
> > Sent: Tuesday, February 13, 2001 4:36 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: re: port scan reported by portsentry
> >
> >
> > Greetings,
> >
> > responses you got (confirmed by other list members) are not
> > portscans. Port 27015 is usually used by a Half-Life [game] server
> > running the Counterstrike mod :-)
> >
> > So, someone was under the wrong impression that you were running a game
> > server and tried to connect until you denied the connection with your
> > portsentry response.
> >
> > Re: your tactics to report every port scan to the authorities of the ISP
> > - I disagree with it, since not every port scan (like in this case) is a
> > port scan. This adds to the overhead some ISP sysadmins get during normal
> > working hours. I am not sure that portscanning has been announced by law a
> > crime or misdemeanor (unless portscanning interferes with the normal
> > conduct of your business and such causes financial damages). Correct me
> > here if I am wrong. At least not yet. Personally in my spare time I prefer
> > finding/fighting spam mail abusers.
> >
> > Regards,
> > Denis R.
> > ex-ISP sysadmin
> >
> >
> >
> >
> > _______________________________________________
> > Redhat-list mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/redhat-list