Nmap Announce mailing list archives

Re: publicly available resources and the law

From: ark () eltex ru
Date: Thu, 25 Feb 1999 14:24:57 +0300

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Fyodor <fyodor () dhp com> said :

Even though the worry of legal problems is extremely low, there is a very
good chance that if you make a habit of scanning large numbers of hosts,
you (or your ISP) will eventually get a complaint from some anal sysadmin.

Muahaha! Yess! I am the anal sysadmin :))
Why do i sometimes behave like that? Because i *hate* script kiddies.
I get approx. 2 scans a day on each of my networks. Most were done not with
nmap but by some tool that scans from src port 65535.

1) IMAP scans (~50% of all). What do they idiots expect to find? IMAP
holes are old and why the hell to run IMAP if pop3 does fit most of
people's needs?

2) NetBus/BO/etc scans.. guys who expect others to have done the hardest
job for them..

3) Other small-range scans, not more than 5 ports a time, usually one, well-known thingies like pop3, imap (fuck!), 
dns/tcp and so on.

4) less that 10% of whole amount of scanning attempts. Wide port range
scans to check what services are running (not to find all hosts that run
service x). OS fingerprinting, too.

So what do i do with that? It depend on how i feel today. If i am just
slightly depressed (as usual) i don't care. If i am in really bad mood,
i send complaints.  I think it is just _stupid_ to scan everything
without knowing what are you going to find. It is as stupid as hacking
a computer without knowing if there could be something interesting or
not, like cretins do who fuck around university networks breaking in every
shitty host they see. I hate this new generation of idiots who think
the most desirable and important computer on the company's net is web
server. 

I remember it was a great pleasure and satisfaction to get a moron who
continuously tried Irix exploits on our web server that ran Digital Unix
arrested by sweddish police. If that dumb ass just pointed his browser
on the main page he could see "powered by Digital Unix" logo there and
probably could change his fate.

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNtUzB6H/mIJW9LeBAQGOxwP+KrJmW2tS9cq1y+gzcmwyGJxzieDWh9LN
IwhbRoRyn2Bk24iTIJ3Mgr0TIJY8bdZVABISbpuRqApUUesjl/9uBHpHIAmzPHUg
Zc4nWpP5eal7wZgHgB3JWvemO/UpTng7if1u+EnJPdyvboL4PUOLa0keZgTjTJkp
6H26m/MmJOo=
=//lp
-----END PGP SIGNATURE-----

Current thread:

Re: publicly available resources and the law, (continued)
- Re: publicly available resources and the law Benjamin Tomhave (Feb 23)
  - Re: publicly available resources and the law Bennett Todd (Feb 23)
  - Re: publicly available resources and the law Ken Williams (Feb 24)
    - Re: publicly available resources and the law Fyodor (Feb 24)
    - Re: publicly available resources and the law Jesse Whyte (Feb 25)
    - Re: publicly available resources and the law David Dennis (Feb 25)
    - publicly available resources and the law System Administrator (Feb 25)
    - Re: publicly available resources and the law vik bajaj (Feb 25)
- RE: publicly available resources and the law Benjamin Smee (Feb 23)
- RE: publicly available resources and the law Meritt, Jim (Feb 23)
- Re: publicly available resources and the law ark (Feb 25)
- RE: publicly available resources and the law Dion Stempfley (Feb 26)
  - Re: publicly available resources and the law Bennett Todd (Feb 26)