Security Incidents mailing list archives
Re: Interesting reply
From: Keith Pachulski <Keith.Pachulski () CORP PTD NET>
Date: Mon, 16 Oct 2000 09:18:17 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have to disagree with this "people scanning is from a compromised system". In most cases it comes down to someone on their home account (dialup, DSl, cable) doing the scanning from their home PC which has not been compromised. Someone saying "my system has been compromised, I was not doing the scanning " is an easy way out of an account cancellation or legal ramifications which may follow from scanning/hacking activities. Best way to do it is three strikes and your out. If the same user account gets caught three times blackhole the user account. To close, most scans I see personally on our network/footprint are not from compromised machines. - -----Original Message----- From: Gary Flynn [mailto:flynngn () JMU EDU] Sent: Thursday, October 12, 2000 9:27 AM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Interesting reply "Forrester, Mike" wrote:
From my experience (I work for a broadband ISP), most of our problems with people scanning is from a compromised system. No, I don't have exact numbers, but MOST is about right. ;)
Mike, How do you determine if the box used for scanning is compromised? Do you take the owner's word? How about other ISPs listening here? - -- Gary Flynn Security Engineer - Technical Services James Madison University Please RUNSAFE http://www.jmu.edu/computing/info-security/engineering/protecting_your self.htm -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOernAuGTq6qVSXTQEQJAzACfdDtFzPgoNVaugR4n98gSkaXB16QAoMNW MV7C5DcfQAvgWssN7BsrJHaS =GHG5 -----END PGP SIGNATURE-----
Current thread:
- Re: Interesting reply Crist Clark (Sep 30)
- <Possible follow-ups>
- Re: Interesting reply H Carvey (Sep 30)
- Re: Interesting reply Forrester, Mike (Oct 11)
- Re: Interesting reply Gary Flynn (Oct 12)
- Re: Interesting reply Mikael Gripenstedt (Oct 13)
- Re: Interesting reply Gary Flynn (Oct 12)
- Re: Interesting reply H Carvey (Oct 13)
- Re: Interesting reply Keith Pachulski (Oct 16)
- Re: Interesting reply Rick Ballard (Oct 16)
- Re: Interesting reply Aj Effin ReznoR (Oct 24)
- Re: Interesting reply Rick Ballard (Oct 16)
- Re: Interesting reply Forrester, Mike (Oct 19)
- Re: Interesting reply Narins, Joshua (Oct 19)
- Re: Interesting reply Forrester, Mike (Oct 20)
- Re: Interesting reply Turpin, Jason (Oct 25)
- Re: Interesting reply Aj Effin ReznoR (Oct 25)
- Re: TCP connections to port 1024 - DDoS? Neil Long (Oct 26)
- Re: TCP connections to port 1024 - DDoS? Arrigo Triulzi (Oct 27)