Re: sunrpc portscan from 204.229.203.2 kcom.edu

[H Carvey <keydet89 () YAHOO COM>]

> Emails send to abuse () westnet net or
> postmaster () westnet net bounce. I
> just sent an email to Scott.Gardner () ASU EDU
> (authority in ARIN's
> whois), we'll see if he replies.

A question to the group...

This applies to some degree to the recent discussion
regarding full disclosure.

Is it appropriate, in this forum or any other, to post
such information as found in the origial message
before giving someone at the site a chance to respond?

It seems Guilaume did some searching, though there is
no indication that he attempted to puruse any of the
university web sites, looking for an abuse
policy/contact...not that what appears in the snort
scans actually constitutes "abuse".

I think that we're getting a little too hung up on
these various scans.  Far too many messages in online
forums are now containing hostnames and IP addresses
for the source of these scans...which may well be
compromised machines.

I'm not saying that the problem doesn't need to be
addressed.  I am saying that perhaps this is NOT the
way to go about it.  First attempt to contact the
site...if it's really that important to you, call
them.  I know, in some cases it's a long distance or
even an international call...but is it REALLY
important to you?  If so, make every effort to contact
someone at the site before posting full IP
address/hostname info.

More importantly...are the scans really that serious?
Okay, so it stands out from background noise...but
it's a scan, not an intrusion attempt.

Carv

__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/