Security Basics mailing list archives
Re: When does a scan attempt become a focused attack?
From: Byron Sonne <blsonne () rogers com>
Date: Wed, 22 Oct 2003 19:56:16 -0400
Although you could let the owner of the machine, or the ISP know that their machine is performing a scan (they probably don't even realise it) or is silly enough to use their personal IP to run an IIS vulnerability scan *grin*
I've found that half the time things quiet down a little when you give them a good nmap scan back. If they are doing it from their personal account or machine, they'll know that I know. If they're doing it from an opportunistic or hacked account, than someone else will perhaps turn an eye and shut 'em out, or they'll move on to another less noisy target. And if nothing happens, oh well. Always worth the education to see what real world scans look like. Make sure you save 'em. By knowing what is at the end of the attacking connection, you can better tune your defenses or just drop their packets on the floor.
Turnabouts fair play I figure, and I'm not trying to crash their box, DOS them or anything else. After all, if they're knocking on my door sometimes a knock back on theirs calms 'em down.
-- For good, return good. For evil, return justice. ---------------------------------------------------------------------------Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021 ----------------------------------------------------------------------------
Current thread:
- When does a scan attempt become a focused attack? Hunt, Jim (Oct 21)
- RE: When does a scan attempt become a focused attack? dave kleiman (Oct 22)
- Re: When does a scan attempt become a focused attack? Sebastian Schneider (Oct 22)
- Re: When does a scan attempt become a focused attack? Karma (Oct 22)
- Re: When does a scan attempt become a focused attack? Byron Sonne (Oct 23)
- Re: When does a scan attempt become a focused attack? Ivan Hernandez (Oct 23)
- Re: When does a scan attempt become a focused attack? Byron Sonne (Oct 23)
- <Possible follow-ups>
- RE: When does a scan attempt become a focused attack? Fields, James (Oct 22)
- Re: When does a scan attempt become a focused attack? salgak (Oct 22)