Security Incidents mailing list archives
Re: Simultaneous Attacks
From: ryan () SECURITYFOCUS COM (Ryan Russell)
Date: Fri, 7 Jul 2000 14:39:08 -0700
On Fri, 7 Jul 2000, Harlan S. Barney, Jr. wrote:
Today I have detected three simultaneous intrusions into my computer. I report ALL intrusions and expect maximum penalties.
Well, that's the problem we keep going around and around about. What you
saw was a probe. Probes aren't illegal. Unless the guy's ISP has a
policy against probing (many do) then the maximum penalty is nothing. In
fact, so many of the ISPs are getting complaints like this, that according
to previous threads here, they will just ignore the report, or log it and
do something if they get lots more reports about the same user.
I suspect Elias let this through so that people could have the log info
you provided, to correclate themselves. As for the penalty part, I hope
you're not too disappointed if you don't get satifactory results. At
best, someone here will check their logs, find the same thing, and that
will prompt them to file a report too. Enough reports about the same
user, and the guy may get cut off. That can be painful if he gets on the
blacklist for his high-speed provider, and there is no other game in town.
Ryan
Current thread:
- Re: scan log and subsequent response from the host's ISP, (continued)
- Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 05)
- Re: scan log and subsequent response from the host's ISP Talisker (Jul 10)
- Re: scan log and subsequent response from the host's ISP Pauel Loshkin (Jul 05)
- how to close security holes from nessus vulnerability scan report ? Chew Poh Chang (CAPL) (Jul 06)
- Snort SMTP expn-root Oxenreider, Jeff (Jul 06)
- Re: Snort SMTP expn-root Joe McAlerney (Jul 06)
- Re: Snort SMTP expn-root Bill Pennington (Jul 06)
- Re: Snort SMTP expn-root dyer (Jul 06)
- Simultaneous Attacks Harlan S. Barney, Jr. (Jul 06)
- Re: Simultaneous Attacks Valdis Kletnieks (Jul 07)
- Re: Simultaneous Attacks Ryan Russell (Jul 07)
- Ehm... what? (Re: Simultaneous Attacks) Martin Macok (Jul 11)
- Re: Simultaneous Attacks Richard Bejtlich (Jul 11)
- Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 05)
- Re: scan log and subsequent response from the host's ISP Ejovi Nuwere (Jul 06)
- Re: scan log and subsequent response from the host's ISP Brooke, O'Neil (Jul 06)
- Re: scan log and subsequent response from the host's ISP Jason Storm (Jul 07)
- 6200/tcp Werner Iknaroff-Zhikovsky (Jul 09)
- Re: scan log and subsequent response from the host's ISP Michal Nazarewicz (Jul 07)
- Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 07)
- Re: scan log and subsequent response from the host's ISP Michal Nazarewicz (Jul 07)
- Re: scan log and subsequent response from the host's ISP Osvaldo Janeri Filho (Jul 10)
- Re: scan log and subsequent response from the host's ISP Dan Hollis (Jul 07)