Security Incidents mailing list archives
Re: Scanning. Is it dangerous?
From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Tue, 2 May 2000 09:35:32 +1200
On Sat, 29 Apr 2000 17:12:54 +0200 Sarunas Krivickas <KrivickasS () PASTAS KAM LT> wrote:
Lets go to discuss a little bit about subject! My question is how the recognized simple scanning is described in your IT security policy and why scanning is so dangerous for you?
Our security policy includes scanning under the heading of "security experiments" and our user are forbidden to perform such experiments with the exception of Systems and Network Administrators testing their own security. If they want to do this from off campus they need my (Security Officer's) permission otherwise they will likely loose their ISP account ;-) We report all inbound scans (providing we can find someone to report them too without to much trouble). In bound scans are not dangerous in themselves, however the information obtained from scanning may well be -- why else to crackers do it? There are two main reason we report scans: 1/ most come from machine that have already been compromised. I believe it behoves us as good net citizens to warn the owners of systems that have been compromised that they have problems. It may be me next time. 2/ Scans originating from dail-up servers at ISP are likely to be naive script kiddies. A warning from an ISP to the kids parents may well save him/her from getting into more serious trouble later. We also see quite a few scans from local ISPs, these I persue fairly virgorously. My guess is that most of these scans are initiated by our own students from home (they do tend to focus on the the machines that supply student services and control their access to the net ;-) I want to get the message to our students that if they muck with our systems then they will get caught and will be dealt with. My personal belief is that ISPs should have a 3 teir warning system: 1/ First complaint gets an email notice. 2/ Second gets a phone call to the person in whoes name the account is held warning them that any more complaints will result in cancellation of the account. 3/ Third the account is cancelled. Unfortunately ISPs have to be very careful in this process because it it very easy to lay false complaints and very difficult for an ISP to detect that they are in fact false. Cheers, Russell.
Current thread:
- Scanning. Is it dangerous? Sarunas Krivickas (Apr 29)
- Re: Scanning. Is it dangerous? Sebastian (May 01)
- Re: Scanning. Is it dangerous? Roelof Temmingh (May 01)
- DNS Probes Damian Gerow (May 01)
- Re: Scanning. Is it dangerous? John D. Burkett (May 01)
- Re: Scanning. Is it dangerous? Rune Kristian Viken (May 07)
- Re: Scanning. Is it dangerous? Ryan Russell (May 01)
- Re: Scanning. Is it dangerous? jms (May 02)
- Re: Scanning. Is it dangerous? Jose Nazario (May 03)
- Scanning. Is it a consumer right? ethan preston (May 02)
- Re: Scanning. Is it dangerous? jms (May 02)
- Re: Scanning. Is it dangerous? Russell Fulton (May 01)
- <Possible follow-ups>
- Re: Scanning. Is it dangerous? -reply Joseph, Lorne (May 01)
- Re: Scanning. Is it dangerous? Don Tansey (May 01)
- Re: Scanning. Is it dangerous? Igor Gashinsky (May 02)