[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: port scan

on Tue, Nov 28, 2000 at 10:03:08PM +0100, Philipp Schulte (p.schulte@matrix.uni-duisburg.de) wrote:
> On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote: 
> > > But what kind of pressure can $your_provider put on a portscanner from
> > > $evil_provider? 
> > > Phil
> > 
> > Domain-level blocking of...mail, news, DNS....
> Show me the ISP that is willing to take these steps because of a
> portscanning script-kiddie. portsanning is not even illegal here in

I scan myself, routinely, particularly in tracking down spam boxes.
'Fact, I've created a little script to automate some datagathering,
attached.  I also will occasionally scan through the address space my
dialup system is on to try to locate it, doing a targeted scan on port
22, when my other locating systems fail.  I can then attempt logins on
the very small (0.1%) of systems indicatin open services on that port.

Portscanning itself isn't necessarily evil.  As a larger pattern of
behavior, however, it can indicate problems.  Where these problems
aren't being addressed by system or ISP owners, actions may be taken.

Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org


# Get some data on a spam-orginating host, specify by IP.

# enable sudo
sudo -v

echo "ping check:"
ping -c 2 $@

echo -e "\nRBL relays check:"
rblcheck $@

echo -e "\nHost name resolution:"
nslookup $@

echo -e "\nTraceroute:"
traceroute $@

echo -e "\nOpen ports and OS:"
sudo nmap -sS -O $@

Attachment: pgpCc5FI2T5Rr.pgp
Description: PGP signature

Reply to: