Security Incidents mailing list archives
Re: probe backs? was Re: [INCIDENTS] Korea
From: rquinn () SEC SPRINT NET (Rob Quinn)
Date: Mon, 31 Jan 2000 16:15:27 -0500
[...] i often do a few telnets to odd ports (ie banner grabbing) and a quick nmap scan.
I do passive scans against sites hitting me or my customers.
i doubt i'm the only one who does this (i know i'm not), and i often tell people how to do it.
I wouldn't do anything that would interfere with the victim's ability to analyze the breakin. It's pretty tough when you know the middle man site couldn't care less about you or their own security problems.
is this frowned upon by the larger community?
Unfortunately there seem to be no rules here except "if you can get away with it it must be okay" and "we really have no idea what we can get away with". I think if someone decided to jump on us, conduct that's "accepted by the larger community" wouldn't mean much.
so they can dismiss it as administrative probes when they find it in their logs.
"administrative probes". I like that. -- | Opinions are _mine_, facts Rob Quinn | | are facts. (703)689-6582 | | rquinn () sec sprint net | | Sprint Corporate Security |
Current thread:
- Re: probe backs? was Re: [INCIDENTS] Korea Rob Quinn (Jan 31)
- <Possible follow-ups>
- Re: probe backs? was Re: [INCIDENTS] Korea Matthew Pemble (Feb 01)
- Re: probe backs? was Re: [INCIDENTS] Korea Pavel Kankovsky (Feb 02)
- DoS Trojan on Solaris Roderick Padilla (Feb 02)
- Re: DoS Trojan on Solaris Ross Mueller (Feb 02)
- Re: DoS Trojan on Solaris David Brumley (Feb 02)
- Interesting Probe Rick Magill (Feb 03)
- Re: DoS Trojan on Solaris Dave Dittrich (Feb 03)
- Re: DoS Trojan on Solaris Data_surge (Feb 04)
- Re: DoS Trojan on Solaris Ross Mueller (Feb 03)
- Compromised... Steve Logan (Feb 07)