IDS mailing list archives
Re: slow scans?
From: Tod Beardsley <todb () planb-security net>
Date: Sun, 16 Feb 2003 12:33:23 -0600
Johannes asked:
What would you do different if you know someone is scanning you slowly?
About the only reason I can think of to actually care about low-n-slow scans is to provide evidence to The Authorities -- assuming your scanner follows through with an actual attack, is reasonably successful, is detected, is positively identified, is arrested, and goes to trial. Your original scan data would go towards establishing his intent to attack you. (IANAL.) Most organizations don't particularly care about this (unlikely?) chain of events, if only implicitly, by their lack of a legally robust evidence-handling policy. -- "It's okay to yell fire in a crowded theater if the theater is actually on fire." Tod Beardsley | www.planb-security.net
Current thread:
- slow scans? Anton Chuvakin (Feb 12)
- Re: slow scans? Johannes Ullrich (Feb 12)
- Re: slow scans? Anton Chuvakin (Feb 12)
- Re: slow scans? James Hoagland (Feb 14)
- Re: slow scans? Tod Beardsley (Feb 18)
- RE: slow scans? Rob Shein (Feb 18)
- Re: slow scans? Johannes Ullrich (Feb 12)
- Re: slow scans? Ron Gula (Feb 12)
- Re: slow scans? Anton Chuvakin (Feb 12)
- Re: slow scans? James Hoagland (Feb 14)