IDS mailing list archives

Re: slow scans?


From: Tod Beardsley <todb () planb-security net>
Date: Sun, 16 Feb 2003 12:33:23 -0600

Johannes asked:

> What would you do different if you know someone is scanning you
> slowly?

About the only reason I can think of to actually care about low-n-slow 
scans is to provide evidence to The Authorities -- assuming your 
scanner follows through with an actual attack, is reasonably 
successful, is detected, is positively identified, is arrested, and 
goes to trial. Your original scan data would go towards establishing 
his intent to attack you. (IANAL.)

Most organizations don't particularly care about this (unlikely?) chain 
of events, if only implicitly, by their lack of a legally robust 
evidence-handling policy.

-- 
"It's okay to yell fire in a crowded theater
if the theater is actually on fire."
Tod Beardsley | www.planb-security.net

