Re: [PLUG] portmap and other things

Michael Leone on Thu, 8 Mar 2001 10:16:21 -0500

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] portmap and other things

From: "Michael Leone" <turgon@mike-leone.com>

To: <plug@lists.phillylinux.org>

Subject: Re: [PLUG] portmap and other things

Date: Thu, 8 Mar 2001 10:16:24 -0500

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

----- Original Message ----- From: "Rebecca Ore" <rebecca@ogoense.net> To: <plug@lists.phillylinux.org> Sent: Thursday, March 08, 2001 9:08 AM Subject: Re: [PLUG] portmap and other things > On Thu, 08 Mar 2001, gabriel rosenkoetter wrote: > > > > > I'm also coming from the stance that I'm basically okay with a port > > scan. I mean, plenty of people walk past my front door; some might > > even try the doorknob (hey, maybe they were actually looking for my > > neighbor, but got the wrong apartment number). Doesn't bother me till > > they come in and start eying my stereo. And that's what the baseball > > bat's for. ;^> > > > For a lot of people who are running RedHat who aren't sophisticated > admins, PortSentry appears to be useful. Most of the probes are from > compromised boxes running automated scripts, not from individuals > actively going after a specific box. Most of the compromised boxes > have been RedHat 6.2 or older installs, with maybe an occasional other > commercial Linux. Also, while Gabriel might be OK with a portscan, I know more than a few who are not. Guys who's first reaction is to report the scanner to the scanner's ISP, and - if that doesn't work - to the computer crime folks (Hiya, Trooper John! :-). Now, THAT'S overkill, for a simple portscan. At work, I used to to complain sometimes to the ISPs (or more technically, the domain owners of the originating IP range) of folks who tried to do NETBIOS or FTP connects to my work servers. That, of course, almost invariable goes nowhere - 90% of the time, I didn't even get the curtesy of an automated response. So now I only complain when I see repeated attempts from the same IP range, over a few days. ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

References:

[PLUG] portmap and other things
From: "Jason Wertz" <JWERTZ@dcccnet.dccc.edu>

Re: [PLUG] portmap and other things
From: MaD dUCK <madduck@madduck.net>

Re: [PLUG] portmap and other things
From: "Michael Leone" <turgon@mike-leone.com>

Re: [PLUG] portmap and other things
From: MaD dUCK <madduck@madduck.net>

Re: [PLUG] portmap and other things
From: gabriel rosenkoetter <gr@eclipsed.net>

Re: [PLUG] portmap and other things
From: Michael Leone <turgon@mike-leone.com>

Re: [PLUG] portmap and other things
From: gabriel rosenkoetter <gr@eclipsed.net>

Re: [PLUG] portmap and other things
From: Rebecca Ore <rebecca@ogoense.net>

Prev by Date: Re: [PLUG] portmap and other things

Next by Date: [PLUG] etherboot

Previous by thread: Re: [PLUG] portmap and other things

Next by thread: Re: [PLUG] portmap and other things

Index(es):

Date

Thread