Security Incidents mailing list archives

Re: Interesting reply


From: H Carvey <keydet89 () YAHOO COM>
Date: Thu, 12 Oct 2000 13:33:50 -0700

I'd be very interested to hear some specifics
regarding the type of traffic that indicates that the
scanning system has been compromised, and how this
traffic might differ from traffic "seen" from a
malicious user.

I still don't see how anyone can say "most" or "almost
all" without any hard info.

Carv


--- Gary Flynn <flynngn () JMU EDU> wrote:
"Forrester, Mike" wrote:

From my experience (I work for a broadband ISP),
most of our problems with
people scanning is from a compromised system.  No,
I don't have exact
numbers, but MOST is about right. ;)

Mike,

How do you determine if the box used for scanning is
compromised? Do you take
the owner's word? How about other ISPs listening
here?

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please RUNSAFE

http://www.jmu.edu/computing/info-security/engineering/protecting_yourself.htm

