Re: DNS, portscan, & laptops

[Vitaly Osipov <vosipov () wolfegroup ie>]

It's just another example that it's _bad_ to use automated complaining
(and, oh horror, firewall reconfiguration) tools. Standart example - 5
minutes of spoofed traffic, and you'll be known as a big spammer for the
rest of your life :)))

regards,
Vitaly.

Andrew Daviel wrote:
> A little gotcha - well, as it relates to my reporter script
> http://andrew.triumf.ca/pub/security/reporter/
>
> The notes say to ignore DNS servers to avoid triggering the portscan
> plugin. So I ignore the root nameservers, our onsite users use our
> onsite nameservers, occasional DNS lookups are ignored, and everything
> is OK.
> Then someone brings a laptop onsite, forgets to reconfigure the
> DNS from their home ISP, and does a lot of surfing. Result, 2 automated
> complaints sent to their ISP (followed by manual "sorry! please ignore.").
> I since fixed the script to ignore UDP source port 53.
>
> Normally, I suppose, you would like to know about someone
> misconfigured like this, but probably not to panic...
>
> --
> Andrew Daviel, TRIUMF, Canada
> Tel. +1 (604) 222-7376
> security () triumf ca
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users