Re: Cracking attempt

To: Russell Coker <russell@coker.com.au>
Cc: debian-isp@lists.debian.org
Subject: Re: Cracking attempt
From: Tim Spriggs <tims@fugazi.engr.arizona.edu>
Date: Mon, 24 Feb 2003 02:59:38 -0700 (MST)
Message-id: <Pine.GSO.4.44.0302240252030.15877-100000@fugazi.engr.arizona.edu>
In-reply-to: <200302240839.24093.russell@coker.com.au>

On Mon, 24 Feb 2003, Russell Coker wrote:

> On Mon, 24 Feb 2003 07:38, Jason Lim wrote:
> > Usually if we get such a report, we'll inform the client of their actions.
> > Most times that discourages them from doing it.
>
> In any case it's a service to your client - who is the one paying you.  It
> always amazes me that people on the net expect you to take their side against
> one of your clients for something innocent like a bit of portscanning!
>
> > unless someone is REALLY repeatedly hammering a server. Then if no action
> > is taken we may even block them at the router/switch level.
>
> That's the only thing to do, if someone is excessively scanning you then you
> block their IP addresses for a while.  Of course you can't be too trigger
> happy with this or you'll end up with half the Internet in your firewall rule
> set...

In the defense of the ballistic person that is complaining about the
portscan, one of our servers is running a backup server that dies with no
error/warning when the server is portscanned. Unfortunately, our servers
can not be put behind a firewall as funding is at an all time low.

This is a very inconvenient feature and the company that provides the
backup server will do nothing about it so we have to manually restart the
deamon from time to time because we were (innocently) portscanned.

I guess my point is that there can be some wierd side-effects to obscure
things that portscans/other non-normal network behaviour can create.
However I will still side with you on the fact that abnormal behaviour
should be handled and discarded by the software.

Oh well.

My two cents worth.

-Tim

>
> --
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

Reply to:

Follow-Ups:
- Re: Cracking attempt
  - From: Russell Coker <russell@coker.com.au>
- Re: Cracking attempt
  - From: mark@sans.rondom.org (Mark Lijftogt)

References:
- Re: Cracking attempt
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Cracking attempt
Next by Date: Re: Cracking attempt
Previous by thread: Re: Cracking attempt
Next by thread: Re: Cracking attempt
Index(es):
- Date
- Thread