Re: Port scan from Apache?

Hi Nash,

I'm not sure I really understand what you're up to. In any case, let me
clarify that my whole intention was to get a better understanding of
what had happened there. In the end, I don't want my server to produce
alarms at other people's sites. I tried to find the cause of the problem
on my side and couldn't, thus I suggested a working hypothesis to the
complaining (yes he was complaining) admin.

So my question which you cited below was really about the criteria that
need to be met for the NetScreen hw/sw to classify something as a port
scan. Pure diagnostic information.

As I mentioned earlier, the admin hasn't contacted me since I posted my
hypothesis with the web mailer which I don't quite like either because
I'd prefer a message that says

"It's alright, it wasn't your fault."

or

"We still don't know what's wrong. Can you investigate further using
this pile of low-level details?"

Of course I'd prefer the first one since it means less work for me but
the second one would also be fine with me. And on a last note: I didn't
mean to be sneaky, I just wanted some advice as to the origins since I
thought I might have missed something. For that, this list seemed
appropriate to me.

Best wishes
Clemens

Nash Nipples wrote:
i believe that people who deployed netscreen are quite sure in what
they are doing and a friendly notice should not sound like a
complaint to u but instead become a solid ground to understanding
what could go wrong. Ofcourse if they proudly told you that they ARE
using the netscreen. Peeking on log entries provided to u and
announcing it on public doesnt make an electronic robinhood scene.
unless this is a.. "Do you guys know how does the damn netscreen
detect portscans, really..?"

3. Does anyone know when the NetScreen hardware / software labels
something "port scan"?

isnt that an indirect hit? i suggest u ask ur question directly to
the sender dropping this sneaky habbits in freebsd-security list.
thats what it is about
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • [OT] Re: How do you read source for big programs?
    ... > What's your approach for understanding a large program at the source ... skill a programmer should cultivate: ... your archipelago of islets in a sea of confusion, ... recommend that you port the program to a new environment. ...
    (comp.lang.c)
  • Re: [OT] Re: How do you read source for big programs?
    ... Eric Sosman wrote: ... >>What's your approach for understanding a large program at the source ... > your archipelago of islets in a sea of confusion, ... > recommend that you port the program to a new environment. ...
    (comp.lang.c)
  • Re: Re: error message 0x800ccc7F
    ... > establish a SSL connection ... > to temporary reason', port ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: VB6, VB2005, or Something Else?
    ... The problem is not understanding. ... We're talking about a giant ... I'm pretty open minded whether the .NET platform is a good idea, ... way it is an attempt to port the operating system ...
    (microsoft.public.vb.general.discussion)
  • Re: strange getch+kbhit behaviour
    ... According to my understanding of the language, ... will'' implies ``not sure if I will''. ... I'm complaining about you continuing to dig when you should have said ...
    (comp.lang.c)