Snort mailing list archives

Re: blocking nmap -P0 attack


From: Frank Knobbe <frank () knobbe us>
Date: Mon, 10 Jan 2005 16:45:33 -0600

On Mon, 2005-01-10 at 17:40 -0500, Matt Kettler wrote:
> > One thing that a lot of folks seem to overlook is that distributed
> > scanning is a hard reality.
>
> Is it? What about DScan? It's a very widely available tool for this very
> purpose.

A hard reality. As in "very real". I'm agreeing with you and tried to
further highlight it :)

> > Instead of a bot net, open proxy servers can be nicely used for
> > distributed/decoy/stealth scans. And there are still plenty of those
> > around :)
>
> True, but it's hard to get 10,000 open proxies. 10,000 Windows machines
> that got infected by a mail virus are much easier to come by.

lol.... yeah, that's true. I have a hard time keeping a list of 80-100
current for a week. Proxies come and go. Infected PCs seem to stay
longer. (But those also have a life expectancy. It'd be nice to see a
study that contrasts the average lifespan of an open proxy, a back-doored
server, and a rooted/bot'ed PC.)

Cheers,
Frank
 
