Security Incidents mailing list archives
Re: Interesting reply
From: Rick Ballard <Richard.Ballard () xwave com>
Date: Wed, 27 Sep 2000 15:36:07 -0300
On 27 Sep 2000, at 2:55, H Carvey wrote:
Nothing personal to anyone...but if you've got time to report every little port scan that you get (call it what you will...scan, probe, whatever...) then you've got a LOT of time on your hands! After reading this list, and others on SF...I still fail to see why so many folks are reporting port scans, expecting the folks at ISPs to "do something" about them. First off...port scans, in and of themselves, are nothing more than a minor annoyance at best (insert appropriate analogy here). If a scan reaches a level that it's consuming an inordinate amount of bandwidth, then it ceases to be a scan and becomes a DoS attack.
A large percentage of port scans come from compromised hosts or trojan infected hosts. In these cases, I am sure the sysadmin at the source site would like to know about it. If the scan comes from a dialup, then it is probably a script kiddie, but if it comes from a well known company site, it is almost certain to be a compromised or trojanned host and should be reported. Of course the compromised host was probably broken into by a script kiddie who had previously done a scan from his dialup host. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rick Ballard Cell : 902-483-0559 xwave solutions Pager : 902-458-6568 Halifax,Nova Scotia Email : Richard.Ballard () xwave com Canada Timezone: Atlantic AST(GMT-4)/ADT(GMT-3)
Current thread:
- Interesting reply Bryan Andersen (Sep 27)
- <Possible follow-ups>
- Re: Interesting reply H Carvey (Sep 27)
- Re: Interesting reply Andersen, Bryan (Sep 27)
- Re: Interesting reply Rick Ballard (Sep 28)
- Re: Interesting reply Joe McAlerney (Sep 28)
- Re: Interesting reply H Carvey (Sep 28)
- Re: Interesting reply Buhrmaster, Gary (Sep 28)