Nmap Announce mailing list archives
RE: can/should
From: Sean Ellis <sellis () intergate bc ca>
Date: Wed, 24 May 2000 14:48:06 -0700
At 06:34 AM 5/24/00 -0400, you wrote:
Many sites send a relatively curteous mail to the site or isp that summarizes that logs and states that you detected a portscan and consider this bad behavior, and would like the site to check to ensure that they have
Monitoring network traffic is not part of my job, so perhaps I'm slightly 'out of the loop' on this, but can it really be practical to be responding to portscans in this way? Surely that would have to generate one humungous amount of email. If I see something interesting on a site, streaming video, whatever, I may do a scan to see what kind of technology they're running, if I expect to be dealing with someone and they're online, I may give them a scan, integrate what I see there into the picture of them I'm trying to formulate. I don't think I'm alone in this; there must be a lot of similar activity.
My questions is what else can/should be done. I have no other reason to believe they got through or committed any crime. What else are you guys doing? I hope this is not to far off topic.
I don't think responding to port scans, unless they're persistent and threatening in some distinct way, is a good use of your time. IMHO. Sean
Current thread:
- can/should Barry Hudson (May 23)
- Re: can/should Mr. Man (May 24)
- Re: can/should Security (May 24)
- Re: can/should Thomas Reinke (May 24)
- Re: can/should Ola Nyström (May 25)
- Re: can/should Jose Nazario (May 24)
- Re: can/should Eric Hancock (May 24)
- Re: can/should Bennett Todd (May 24)
- <Possible follow-ups>
- RE: can/should Gallicchio, Florindo (2282) (May 24)
- RE: can/should Dion Stempfley (May 24)
- RE: can/should Sean Ellis (May 24)
- RE: can/should Crye, Michael (May 24)
- RE: can/should Jonathan Day (May 25)
- Re: can/should John Mee (May 25)