Re: OT: port scan

To: Debian Users <debian-user@lists.debian.org>
Subject: Re: OT: port scan
From: "Jonathan D. Proulx" <jon@ai.mit.edu>
Date: Tue, 28 Nov 2000 20:34:34 -0500
Message-id: <[🔎] 20001128203434.B1497@spoon.ai.mit.edu>
Mail-followup-to: "Jonathan D. Proulx" <jon@ai.mit.edu>, Debian Users <debian-user@lists.debian.org>
In-reply-to: <[🔎] Pine.LNX.4.21.0011281435140.24512-100000@curiango.ipen.br>; from mario@curiango.ipen.br on Tue, Nov 28, 2000 at 02:40:09PM -0200
References: <[🔎] Pine.LNX.4.21.0011281435140.24512-100000@curiango.ipen.br>

My $0.02,

report to $scanners_isp and cc $your_isp

Provide facts and logs

do not make wild accusations or ranting speaches, in my experience
people who do so are almost always wrong :)  Like writing me about how
their ISP told them ai.mit.edu what the place to write to about some
thing from 133.99.5.67 (we have 128.52/16)

on a single host it is hard to determine intent or accident, when I
see an outside host has made a scan of every ip in our range that
*means* something.

but a single host, if that is your only point of view or if it's a
highly visible system (www, ftp, smtp, pop, ns1) may mean something,
no harm in reporting it just for the record.

as a side note, people do tend to listen to my "official" email both
because of the return address and since alot of lab funding is
government money unauthorized access or elevation of privilege is a
federal (US) crime with a mandatory 6mo prison term, this doesn't really
happen from what I understand, but passing that along helps :)

no portscanning isn't a crime, but if one occurs the scan can be
evidence.

-Jon

Reply to:

References:
- OT: port scan
  - From: Mario Olimpio de Menezes <mario@curiango.ipen.br>

Prev by Date: Re: NVIDIA Re: help (fwd)
Next by Date: Re: NIC install - found driver, need to compile(?)
Previous by thread: Re: OT: port scan
Next by thread: Re: OT: port scan
Index(es):
- Date
- Thread