Snort mailing list archives
Re: blocking nmap -P0 attack
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 10 Jan 2005 16:45:33 -0600
On Mon, 2005-01-10 at 17:40 -0500, Matt Kettler wrote:
One thing that a lot of folks seem to overlook is that distributed scanning is a hard reality.Is it? What about DScan? It's a very widely available tool for this very purpose.
A hard reality. As in "very real". I'm agreeing with you and tried to further highlight it :)
Instead of a bot net, open proxy servers can be nicely used for distributed/decoy/stealth scans. And there are still plenty of those around :)
True, but it's hard to get 10,000 open proxies. 10,000 windows machines that got infected by a mail virus are much easier to come by.
lol.... yeah, that's true. I have a hard time keeping a list of 80-100 current for a week. Proxies come and go. Infected PC's seem to stay longer. (But also those have a life-expectancy. It'd be nice to see a study that contrasts the average lifespan of a open proxy, a back-doored server, and a rooted/bot'ed PC.) Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- blocking nmap -P0 attack N B (Jan 10)
- Re: blocking nmap -P0 attack Matt Kettler (Jan 10)
- Re: blocking nmap -P0 attack Frank Knobbe (Jan 10)
- Re: blocking nmap -P0 attack Matt Kettler (Jan 10)
- Re: blocking nmap -P0 attack Frank Knobbe (Jan 10)
- Re: blocking nmap -P0 attack Matt Kettler (Jan 10)
- Re: blocking nmap -P0 attack Frank Knobbe (Jan 10)
- Re: blocking nmap -P0 attack Frank Knobbe (Jan 10)
- Re: blocking nmap -P0 attack Matt Kettler (Jan 10)