Security Incidents mailing list archives
Re: sunrpc portscan from 204.229.203.2 kcom.edu
From: H Carvey <keydet89 () YAHOO COM>
Date: Fri, 22 Sep 2000 04:50:55 -0700
Emails send to abuse () westnet net or postmaster () westnet net bounce. I just sent an email to Scott.Gardner () ASU EDU (authority in ARIN's whois), we'll see if he replies.
A question to the group... This applies to some degree to the recent discussion regarding full disclosure. Is it appropriate, in this forum or any other, to post such information as found in the origial message before giving someone at the site a chance to respond? It seems Guilaume did some searching, though there is no indication that he attempted to puruse any of the university web sites, looking for an abuse policy/contact...not that what appears in the snort scans actually constitutes "abuse". I think that we're getting a little too hung up on these various scans. Far too many messages in online forums are now containing hostnames and IP addresses for the source of these scans...which may well be compromised machines. I'm not saying that the problem doesn't need to be addressed. I am saying that perhaps this is NOT the way to go about it. First attempt to contact the site...if it's really that important to you, call them. I know, in some cases it's a long distance or even an international call...but is it REALLY important to you? If so, make every effort to contact someone at the site before posting full IP address/hostname info. More importantly...are the scans really that serious? Okay, so it stands out from background noise...but it's a scan, not an intrusion attempt. Carv __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/
Current thread:
- sunrpc portscan from 204.229.203.2 kcom.edu Guillaume Filion (Sep 21)
- <Possible follow-ups>
- Re: sunrpc portscan from 204.229.203.2 kcom.edu H Carvey (Sep 22)