nanog mailing list archives
Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Sun, 19 May 2002 02:54:23 +0000 (GMT)
AL> Date: Sat, 18 May 2002 21:50:34 -0400 AL> From: Allan Liska AL> [allan@ns1 phpdig]$ telnet www.istop.com 80 AL> Trying 216.187.106.194... AL> Connected to dci.doncaster.on.ca (216.187.106.194). AL> Escape character is '^]'. AL> HEAD / HTTP/1.0 Or lynx http://www.istop.com/ and press the '=' key for similar info. Or echo the HEAD request to a program that opens a TCP socket. Or go to www.netcraft.com. Of course, firewalls munching on TCP/IP can screw up IP stack fingerprinting, causing nmap et al. to report "IIS on <favorite *ix flavor>" when it really means "IIS on ??? behind firewall running <favorite *ix flavor>". I wonder how many people enjoy recompiling their *ix httpd to report itself as IIS? Watch for requests matching certain IDS strings... what was that again about mad fast honeypots? ;-) -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist () brics com> To: blacklist () brics com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist () brics com>, or you are likely to be blocked.
Current thread:
- Re: Arbor Networks DoS defense product, (continued)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Henry Yen (May 18)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 18)
- Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 18)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) E.B. Dreger (May 18)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) up (May 19)
- Re[4]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Re[4]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re[6]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Re[6]: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 19)
- Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 19)
- Re: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) Greg A. Woods (May 19)
- RE: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) Benjamin P. Grubin (May 19)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Greg A. Woods (May 19)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)