Security Incidents mailing list archives
Re: DNS Scanning for blocking
From: Abe Getchell <agetchel () KDE STATE KY US>
Date: Thu, 21 Dec 2000 12:52:56 -0500
Hi Zeffie, I will give you advice, but in return ask for one pass to the establishment in question. Leave it at the front door and tell 'em my name! =D Seriously though... What they're doing isn't illegal, at least in Kentucky. There was a law was passed back in 1998 (SB230) which required us (being the Department of Education) to provide filtering services for all of our 1400 schools across the entire state. These filtering services must keep K-12 students (or at least make it reasonably difficult for them) from accessing pornography on the Internet. A lot of the filtering is being done by programs like the one you mention. So instead of being illegal, it is actually explicitly _legal_ for them to do this here. Keep in mind that you're dealing with two different issues here: them scanning your network, and them adding your domain to a list that they block access too using their product; I speak above too the latter of these issues. As to the issue of the scan, it is actually explicitly _illegal_ here in Kentucky as there are local laws which state that a 'probe' against a computer network is a jailable offence. Check your local laws and proceed with caution; I'd imagine these guys pay a lot of money every year for legal assistance. Thanks, Abe Abe L. Getchell - Security Engineer Division of System Support Services Kentucky Department of Education Voice 502-564-2020x225 E-mail agetchel () kde state ky us Web http://www.kde.state.ky.us/
-----Original Message----- From: Zeffie [mailto:zeffiechat () HOTMAIL COM] Sent: Thursday, December 21, 2000 4:41 AM To: INCIDENTS () SECURITYFOCUS COM Subject: DNS Scanning for blocking I Host a site for the local strip club and lately I started getting messages like this for several domains. Dec 20 01:13:22 www named[2105]: unapproved AXFR from [157.167.1.21].4238 for "theirdomain.NET" (acl) Dec 20 01:13:23 www named[2105]: unapproved AXFR from [157.167.1.21].4239 for "theirdomain.NET" (acl) I checked into it and found that surfcontrol is responsable for this. They are doing it to confirm their "Block Lists" are correct. So they can block the domains from being accessed by employees/customers of bussiness that they sell their product to. So am I crazy or did they scan my network with the intent of blocking traffic and thereby causing me direct finanical losses? Is what they are doing legale? Have they broken the law in several states? Zeffie (Michigan)
Current thread:
- DNS Scanning for blocking Zeffie (Dec 21)
- Re: DNS Scanning for blocking Jonathan Rickman (Dec 21)
- Re: DNS Scanning for blocking Mathieu Mourez (Dec 22)
- Re: DNS Scanning for blocking Nexus (Dec 22)
- Re: DNS Scanning for blocking Mathieu Mourez (Dec 22)
- <Possible follow-ups>
- Re: DNS Scanning for blocking Abe Getchell (Dec 21)
- Re: DNS Scanning for blocking Jonathan Rickman (Dec 21)