Security Incidents mailing list archives
Re: Scanning. Is it dangerous?
From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Wed, 3 May 2000 17:06:06 -0400
On Tue, 2 May 2000, jms wrote:
> but with so many isp's thinking they are doing the world a great service with their zero tolerance attitudes, the potential for abuse is *enormous*.
this is more a problem with the ISP than with the parties involved, then. if the ISP doesn't have the capabilities of checking their end to see if the IP was doing nasty things, then they should not adopt the attitude of kicking someone off their account with evidence gathered from a third party whose trust factor is unknown.

as such, i say report probes/scans etc... it's your right to protect your network, and this is a method of protecting it. it's also your responsibility, in my opinion [1], to notify ISPs and whoever that their users may be engaged in activity that violates their AUP.

as such, i word my 'nastygrams' very politely and tenuously. i say, 'it's possible you have a problem on your hands. this may represent a violation of your AUP or a compromised machine.' that's it, leaving the problem's resolution up to the ISP. i definitely provide log info (and timezone info, to help them correlate their logs), and i definitely help if they ask for more info. but the handling of it is up to them.

if the ISP/whoever isn't doing the job right, that's their problem. if they kick a user off only on my word, and i have no way of knowing if the packets were spoofed, that's their fault.

my 1 cent, i guess, on your two cents.

notes:

1. i come from the pre-commercial Internet, where, many of you will recall, things were far more open and trusting, we all knew we were on the same side as admins and all worked together. i still try and behave like this in my dealings with people. i may mutter nasty, terrible things about how a domain is run, but i do try and keep in mind that we're all just admins, doing the same job.

jose nazario
jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc