Security Incidents mailing list archives
Re: Annoy Those Sub7 Scanners.
From: "Forrester, Mike" <mforrester () HSACORP NET>
Date: Mon, 28 Aug 2000 10:04:00 -0600
Comments in-line... <snip>
To whom are you "proving beyond all doubt their malicious intentions"? The cops? Your logs do not constitute evidence.The cops disagree with you. Properly handled, logs are more than just hearsay, and also contribute to convergence of evidence -- a basic concept of law. We have successfully prosecuted using logs. Although they were not our only evidence, they did play a key part proving malicious intent. Others have successfully prosecuted using logs.
We get subpoenas for logs from companies and law enforcement...
Their ISP? They can just as likely ignore you as canceltheir account. From what ive experienced, its more the latter. 90% of the time the ISP cancels the account with "this is a known baddie that ive already warned once, ive been waiting for proof they are still up to no good".
This is exactly what we do. Just because you send us a log thay shows one of our users is scanning you or causing other possible mischief, doesn't mean we'll cancel them. However, we keep every legitimate complaint (supported by logs, etc.) for tracking purposes. If we notice a trend, they will usually be looking for another ISP.
If they ignore you, then you have found a grey or black hat network and report it to your colleagues so they can firewall out that network.So what's the point of all these logs?Cancelling script kiddies accounts, of course.
We don't like them either, but about 30-40% of our complaints are about someone whose been trojaned and not a script kiddie. <snip> Mike Forrester - Systems Security Engineer High Speed Access Corp. - Denver, CO USA mforrester () hsacorp net - +1 303 256 2134
Current thread:
- Re: Annoy Those Sub7 Scanners., (continued)
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 27)
- Re: Annoy Those Sub7 Scanners. Doug Kahler (Aug 27)
- Re: Annoy Those Sub7 Scanners. Valdis Kletnieks (Aug 27)
- Re: Annoy Those Sub7 Scanners. Dan Hollis (Aug 27)
- Re: Annoy Those Sub7 Scanners. Greg A. Woods (Aug 28)
- Re: Annoy Those Sub7 Scanners. Snehal Dasari (Aug 28)
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 27)
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 27)
- Re: Annoy Those Sub7 Scanners. Dan Hollis (Aug 27)
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 28)
- Re: Annoy Those Sub7 Scanners. Forrester, Mike (Aug 28)
- Re: Annoy Those Sub7 Scanners. Pierre Vandevenne (Aug 28)
- Re: Annoy Those Sub7 Scanners. Frank Knobbe (Aug 30)
- Re: Annoy Those Sub7 Scanners. Talisker (Aug 31)
- Re: Annoy Those Sub7 Scanners. Computer Vegetable (Aug 31)
- Re: Annoy Those Sub7 Scanners. Talisker (Aug 31)
- Re: Annoy Those Sub7 Scanners. Robert G. Ferrell (Aug 30)
- Re: Annoy Those Sub7 Scanners. Bryan Andersen (Aug 31)
- Re: Annoy Those Sub7 Scanners. Bill Royds (Aug 31)
- Re: Annoy Those Sub7 Scanners. Forrester, Mike (Aug 31)
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 27)