Security Incidents mailing list archives

Re: Interesting reply


From: Rick Ballard <Richard.Ballard () xwave com>
Date: Wed, 27 Sep 2000 15:36:07 -0300

On 27 Sep 2000, at 2:55, H Carvey wrote:

> Nothing personal to anyone...but if you've got time to
> report every little port scan that you get (call it
> what you will...scan, probe, whatever...) then you've
> got a LOT of time on your hands!
>
> After reading this list, and others on SF...I still
> fail to see why so many folks are reporting port
> scans, expecting the folks at ISPs to "do something"
> about them.  First off...port scans, in and of
> themselves, are nothing more than a minor annoyance at
> best (insert appropriate analogy here).  If a scan
> reaches a level that it's consuming an inordinate
> amount of bandwidth, then it ceases to be a scan and
> becomes a DoS attack.

A large percentage of port scans come from compromised hosts or
trojan-infected hosts. In these cases, I am sure the sysadmin at the
source site would like to know about it. If the scan comes from a
dialup, then it is probably a script kiddie, but if it comes from a
well-known company site, it is almost certain to be a compromised or
trojanned host and should be reported. Of course the compromised
host was probably broken into by a script kiddie who had previously
done a scan from his dialup host.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rick Ballard            Cell    : 902-483-0559
xwave solutions         Pager   : 902-458-6568
Halifax,Nova Scotia     Email   : Richard.Ballard () xwave com
Canada                  Timezone: Atlantic AST(GMT-4)/ADT(GMT-3)

