Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Interesting reply

From: Keith Pachulski <Keith.Pachulski () CORP PTD NET>
Date: Mon, 16 Oct 2000 09:18:17 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have to disagree with this "people scanning is from a compromised
system". In most cases it comes down to someone on their home account
(dialup, DSl, cable) doing the scanning from their home PC which has
not been compromised. Someone saying "my system has been compromised,
I was not doing the scanning " is an easy way out of an account
cancellation or legal ramifications which may follow from
scanning/hacking activities. Best way to do it is three strikes and
your out. If the same user account gets caught three times blackhole
the user account.

To close, most scans I see personally on our network/footprint are
not from compromised machines.

- -----Original Message-----
From: Gary Flynn [mailto:flynngn () JMU EDU]
Sent: Thursday, October 12, 2000 9:27 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Interesting reply


"Forrester, Mike" wrote:


From my experience (I work for a broadband ISP), most of our
problems with people scanning is from a compromised system.  No, I
don't have exact numbers, but MOST is about right. ;)


Mike,

How do you determine if the box used for scanning is compromised? Do
you take
the owner's word? How about other ISPs listening here?

- --
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please RUNSAFE
http://www.jmu.edu/computing/info-security/engineering/protecting_your
self.htm

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOernAuGTq6qVSXTQEQJAzACfdDtFzPgoNVaugR4n98gSkaXB16QAoMNW
MV7C5DcfQAvgWssN7BsrJHaS
=GHG5
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: