Security Incidents mailing list archives

Re: A port scan is not an Incident (was No one wants responsibility)


From: Paul Franson <pfranson () VIROLOGIC COM>
Date: Wed, 20 Sep 2000 12:50:37 -0700

> Most of what I've seen from you on this list has been reports from your
> copy of BlackICE. Port scans, in and of themselves, do not warrant being
> reported as hacking/intrusion attempts. Have a heart folks. Scanning
> might be annoying, but that's it. It's part of being on the net.

Man, I really have to disagree with just about everything in that paragraph.

1) Any more, 9 out of 10 port scans represent a script kiddie that has
taken over a machine and is using it to find another.  As a network
administrator, I most certainly want to know if people are seeing a machine
under my control performing these scans.  If you guys EVER see a port scan
coming out of a network I own, please, please let me know.

2) The activity in question has but one purpose, to find a computer to be
exploited.  Semantic/legal arguments abound on this subject, but many of us
feel that intent to commit a crime constitutes a crime.  In many localities,
unauthorized intrusions into a computer network represent a crime.  If I see
someone repeatedly driving down my street looking for houses to rob, the
police tell me I should report it as suspicious activity.  If I see someone
hanging around a school yard in a trenchcoat in the middle of summer looking
at the little girls (or boys) on the playground, I think I should probably
report that too.  Define, please, the difference.  If the job of policing
your network is too hard for you, perhaps you are understaffed or in the
wrong occupation.

3) It's only part of being on the net if we allow it to become so.  See SPAM
for a comparison -- "Just hit delete" means that everyone with a herbal
supplement to sell gets to flood my mailbox with relative impunity.  "Just
write it off as being part of the net" means that I can never be sure of my
network's security.  I will never accept that.

4) My network is my (or my company's) property.  Intrusions and intrusion
attempts are trespassing.  I reserve the right to allow my dobermans to
bark at people trespassing on my property.

