Security Incidents mailing list archives
Re: big increase in ftp scanning
From: Jason Potopa <jpotopa () QWEST NET>
Date: Mon, 13 Nov 2000 13:01:09 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I agree with you to a point, but there are a few things that I feel should be elaborated on, expecially your last line that read "And, last, portscans are nothing illegal, at least here in germany..." although it is not illegal to port scan in most countries including the US, this does not tie the ISP's hands when dealing with mis-use of the internet, and the ISP's network. If the ISP has an acceptable use policy that states that scanning a network is against the companies policy, and therefore can result in the customer being kicked off of the service, then they can do something about it. You do make an excellent point that if you find yourself victim of a scan, or any other type of network attack/mischief, you need to provide the upsteam ISP with complete logs (including time and time zones) as soon as possible. Jason Potopa Security Engineer Qwest Communications jpotopa () qwest net (612)644-3685 pager: (612)539-3388 pgp public key: http://keyserver.pgp.com:11371/pks/lookup?op=get&exact=off&search=jpotopa On Mon, 13 Nov 2000 10:21:21 +0100, "Andreas Ferber" <af () DEVCON NET> wrote: > > They are actually doing a good job. T-Online has about 7 million > customers, so it is only natural that you get much scanning activity > from their netblocks. > > If a single customer gets reported the first time, they really do > nothing but recording this, that's right. But if a customer is > reported repeated times, they contact him and warn him, and if he > doesn't stop scanning, his account is terminated. > > Here in germany there are also some legal problems which sometimes > prevent identifying who was doing the scans. An ISP is only allowed to > keep his logs of who had which IP address at which time as long as he > needs it to bill the customer. At T-Online this is typically up to 4 > or 6 weeks, so if you report an incident later, it is not possible for > T-Online to identify the customer. > > And, last, portscans are nothing illegal, at least here in germany... > > Andreas > --=20 > Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG > --------------------------------------------------------- > +49 521 1365800 - af () devconsult de - www.devconsult.de > > --Qxx1br4bt0+wmkIi > Content-Type: application/pgp-signature > Content-Disposition: inline > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.4 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iQCVAwUBOg+ykVIXE5d7yTxhAQFKqgQAgE4Ry+5mZdU+1HAP2Lki+JbCuxJ12X+z > kJVTnpF7G13vDYrj+X0qi6fhUCTzGOzkVoet6Y/gq6HJVEfKlONvnyuqGOm8LA4H > yL/aybNlS5IRfK7duDzv6YsWHWXfaAxvJCOYZRnUa2pb/ihPo49S7AE+OkaxfEK2 > Jqb/AkxNhk0= > =rUrF > -----END PGP SIGNATURE----- > > --Qxx1br4bt0+wmkIi-- > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Seahorse v0.4.9 http://seahorse.sourceforge.net iEYEARECAAYFAjoQOFYACgkQiB+9fAS8Qr9KqQCgtPbTcF7a3TpkBnm3Rbjhh11M kGAAmwUhkXa1c3WwfIn7lt23pYHbySR+ =Wm7U -----END PGP SIGNATURE-----
Current thread:
- Re: big increase in ftp scanning, (continued)
- Re: big increase in ftp scanning Keith Owens (Nov 09)
- Re: big increase in ftp scanning Jan Muenther (Nov 11)
- Re: big increase in ftp scanning Russell Fulton (Nov 13)
- Re: big increase in ftp scanning Andreas Ferber (Nov 14)
- Re: big increase in ftp scanning Jan Muenther (Nov 14)
- Re: big increase in ftp scanning Florian Weimer (Nov 15)
- Re: big increase in ftp scanning Dirk Meyer (Nov 11)
- Re: big increase in ftp scanning Stefan Tomlik (Nov 13)