Re: A slap on the wrist...?

[Nexus <nexus () PATROL I-WAY CO UK>]

Hi folks,
    Am I missing something here, or is that fact that a scripted, sequential
single portscan getting dropped by a firewall a non-issue in the grand
scheme of things ?
When I used to do firewall installs & support, clients seeing a scan for
port 31337 (say) sweeping across their entire valid public IP block, would
go straight to DEFCON 3, pass out the Uzi's from behind the admin's spare
cable boxes and scream 'we are being attacked!'
Errrr.... nope (said I).   Chances are that someone has scanned a shedload
of addresses for that port - they probably scanned the private IP's and
localhost as well and the time stamps are so fast that it must be
automated - they don't even know you exist as you won't be logged by their
scan - be aware of such things but don't panic.   Putting myself temporarily
in the kiddie mindset, if I thought that an admin was playing with me then I
would take that as a personal insult to me and my 3l33t status, would IRC
all my mates and when we all get home from school we are gonna make you pay,
lame@ss dude !
*ahem*
If you have the time to play with honeypots/FakeBO or whatever, then fine -
most admins won't have though ;-)
Personally, I'd just leave the kiddies to their games and keep a general eye
on things - I'll let the security implementations handle it, I'll be in the
pub mate.

Regards,
            JJ

----- Original Message -----
From: H Carvey <keydet89 () YAHOO COM>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, August 29, 2000 5:53 PM
Subject: Re: A slap on the wrist...?


> > Man, this particular person can't be overly clever.
>
> That's why they call them kiddies...