Security Incidents mailing list archives
Re: Handling Scans.
From: John Nemeth <jnemeth () VICTORIA TC CA>
Date: Wed, 14 Feb 2001 04:36:29 -0800
On Jul 5, 11:43am, "E, M" wrote: } } An irritation can morph into destructive at its next code evolution; } thus the priority of other-ISP involvement changes from 'hello, you have } a naughty user' to '#%$@! you need to do something about this *now*!'. } Will an auto-responder differentiate, know which ones require the } '#%$@!' notification, which ones need follow-up? How about the ISP? } Are they more likely to black-hole an auto-notification? (lol I have no } clue to the answers to these questions, btw.) I tend to bit bucket them. As an example, on one day I got two complaints that one of my systems was port scanning people. One came from a Windows user that had BlackIce, ZoneAlarm, or something like that. The other came from a Linux user that was using ipchains and perhaps snort or something similar. The port scan in question was simply an ident query. Both complaints were tossed straight into the bit bucket without a response. If I get complaints from people that are totally clueless about perfectly normal things, I just toss them. I don't have nearly enough time as is... } I'm an old-fashioned girl: clinging to the idea that human judgment and } consistent hands-on monitoring are a necessary component of security. I just like to add that it has to be done by somebody that actually has a clue. }-- End of excerpt from "E, M"
Current thread:
- Re: Handling Scans., (continued)
- Re: Handling Scans. Harlan S. Barney, Jr. (Feb 13)
- Re: Handling Scans. Booke, Raymond (Feb 12)
- Re: Handling Scans. Reeves, Mike (Feb 12)
- Re: Handling Scans. Timothy Lyons (Feb 12)
- Re: Handling Scans. Guillaume Filion (Feb 12)
- Re: Handling Scans. Abe Getchell (Feb 13)
- Re: Handling Scans. Reeves, Mike (Feb 13)
- Re: Handling Scans. Reeves, Mike (Feb 13)
- Re: Handling Scans. Valdis Kletnieks (Feb 13)
- Re: Handling Scans. John Nemeth (Feb 14)
- Re: Handling Scans. John Nemeth (Feb 14)
- Re: Handling Scans. Justin Shore (Feb 14)
- Re: Handling Scans. John Oliver (Feb 14)