Security Incidents mailing list archives
Re: Interesting reply
From: H Carvey <keydet89 () YAHOO COM>
Date: Thu, 12 Oct 2000 13:33:50 -0700
I'd be very interested to hear some specifics regarding the type of traffic that indicates that the scanning system has been compromised, and how this traffic might differ from traffic "seen" from a malicioius user. I still don't see how anyone can say "most" or "almost all" without any hard info. Carv --- Gary Flynn <flynngn () JMU EDU> wrote:
"Forrester, Mike" wrote:From my experience (I work for a broadband ISP),most of our problems withpeople scanning is from a compromised system. No,I don't have exactnumbers, but MOST is about right. ;)Mike, How do you determine if the box used for scanning is compromised? Do you take the owner's word? How about other ISPs listening here? -- Gary Flynn Security Engineer - Technical Services James Madison University Please RUNSAFE
http://www.jmu.edu/computing/info-security/engineering/protecting_yourself.htm __________________________________________________ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/
Current thread:
- Re: Interesting reply Crist Clark (Sep 30)
- <Possible follow-ups>
- Re: Interesting reply H Carvey (Sep 30)
- Re: Interesting reply Forrester, Mike (Oct 11)
- Re: Interesting reply Gary Flynn (Oct 12)
- Re: Interesting reply Mikael Gripenstedt (Oct 13)
- Re: Interesting reply Gary Flynn (Oct 12)
- Re: Interesting reply H Carvey (Oct 13)
- Re: Interesting reply Keith Pachulski (Oct 16)
- Re: Interesting reply Rick Ballard (Oct 16)
- Re: Interesting reply Aj Effin ReznoR (Oct 24)
- Re: Interesting reply Rick Ballard (Oct 16)
- Re: Interesting reply Forrester, Mike (Oct 19)
- Re: Interesting reply Narins, Joshua (Oct 19)
- Re: Interesting reply Forrester, Mike (Oct 20)
- Re: Interesting reply Turpin, Jason (Oct 25)
- Re: Interesting reply Aj Effin ReznoR (Oct 25)
- Re: TCP connections to port 1024 - DDoS? Neil Long (Oct 26)
- Re: TCP connections to port 1024 - DDoS? Arrigo Triulzi (Oct 27)