Re: Scanning. Is it dangerous?

[roelof () SENSEPOST COM (Roelof Temmingh)]

I agree. I want to extend the discussion to the configuration of Intrusion
Detection Systems. Should an IDS trigger on a portscan from outside? For me
this does not make sense. As soon as you disregard 1 warning from an IDS you
can just as well throw it out the window - and a small to medium
Internet-connected company will receive between 2 and 10 scans a week.

my 2c,
Roelof
------------------------------------------------------
Roelof W Temmingh               SensePost IT security
roelof () sensepost com         +27 83 448 6996
                http://www.sensepost.com                

On Sat, 29 Apr 2000, Sarunas Krivickas wrote:

+Hi folks,
+
+As I see, almost everyone there are worried about some kind of scanning for
+own subnets, ports, etc. Do you think it is real danger to you system? So if
+it is true, the scans as a dangerous actions has to be recognized in your
+risk management and IT security policy. Does the simple scan of your system
+has the right place in your policy and also is the trigger to initiate
+actions and rise the alarm? Of course, we are able to recognize DoS or
+something like that, but almost all incidents there are talking about
+simple, usual and not dangerous actions. Yes, you have to think about this
+kind of actions (I do not call it as attack) if your system is totally
+unprotected.
+Lets go to discuss a little bit about subject!
+My question is how the recognized simple scanning is described in your IT
+security policy and why scanning is so dangerous for you?
+
+Regards,
+Sarunas
+