Re: Deutsche-Telekom sets the standard for network security! (??)

From: gr8matt (gr8rmatt@pacbell.net)
Date: 12/18/01 

From: "gr8matt" <gr8rmatt@pacbell.net>
Date: Tue, 18 Dec 2001 00:02:32 GMT

I would have to agree that one should be selective when reporting a port
scan. I would bet money that 95% of the people scanning ports are not
hackers at all but kids messing around. When I first started screwing with
computers back in the day, I had port scan software that I would input
addresses just to see what it came back with. I never attempted to break in
to any sites. It was just a curiosity thing. Currently, my server gets
scanned many times a day. I only report it if I see the same IP or domain
scanning multiple times or a couple days in a row.

Matt

svek <svek@gmx.net> wrote in message
news:9vm0eb$g8e69$1@ID-120205.news.dfncis.de...
> "An external port
> scan is equivalent to rattling the door in an attempt
> to enter without express permission or invitation"
> i would say that this is more equivalent to looking into windows or
feeling
> the door handle, because the mere attempt to break and enter comes when
code
> is launched to gain access.
> should portscans be reported to ISP:s? i would say that in some cases yes,
> one have to be quite selective about it.
> and internet was created in the atmosphere that every computer should be
> able to reach eachother as a sharing community not to be secure and that's
> partly the problem.
> at the statement on putting medical instruments online (on the Internet)
> must be the most stupid thing i have ever heard since, at least according
to
> be, life critical systems should be kept of the internet, put them in a
> network, yes, just don't attach that network to the internet. i mean only
a
> fool would connect the controls to the nuclear warheads, direct or
indirect,
> to internet, and this goes for all life critical systems!
> internet should be thought of as a dangerous place!
>
> just my 2 cents.
>
> /svek
>
> "Bruce D. Ray" wrote:
> > Well, I do call port scans an abuse. I call port
> > scans deliberate hostile activity. There simply
> > isn't a legitimate reason for anyone outside of
> > the IU's IT Security Office to engage in a wholesale
> > port scan of my private NMR Center domain, and I've
> > even protested to IU's IT Security Office when they
> > did that. However, wholesale port scanning is what
> > has been tried from Deutsche-Telekom, from wanado.fr,
> > from chello.*, and from other European ISP's, all of
> > whom I've now permanently blocked. There absolutely
> > isn't any reason for attempts at anonymous FTP to a
> > system that sends a preliminary message clearly stating
> > that these systems are only available to authorized
> > users and that these systems do not provide any general
> > services and are not anonymous FTP servers. Furthermore,
> > when attempts to smash the stack follow these port scans,
> > then we've gone from simple abuse to active criminality.
> > Finally, when these attempts go so far as to download
> > criminal material onto someone's drives {e.g., child
> > pronography, which has been downloaded onto the drives
> > of one NMR facility's machines}, then the illegal purpose
> > of the original port scan becomes blindingly obvious.
> >
> >
> > Your analogy is faulty as well. An external port
> > scan, i.e., a port scan originating from outside the
> > domain of the machine being scanned, is not equivalent
> > to looking at the door or at the car. An external port
> > scan is equivalent to rattling the door in an attempt
> > to enter without express permission or invitation. The
> > mere fact that a machine is on the internet is neither
> > an invitation to contact that machine nor permission to
> > contact that machine. I should point out here that many
> > machines, particularly some types of medical diagnostic
> > equipment, are on the internet in order for the manufacturer
> > to conduct regular instrument checks to certify the
> > instrument the computer is hosting. Yes, such machines
> > ought to be protected. They are. However, we all know
> > that all protection methods are fallible. Failure of the
> > ISP to have and to enforce a prohibition against port
> > scanning outside of one's own domain
> >
> >
> > The only four legitimate reasons for contacting a
> > machine on the internet are:
> > 1. contact by the administrator of that machine;
> > 2. contact by an authorized user of that machine;
> > 3. contact to machine is a known and advertised
> > public service provider on the specific port
> > or ports for which services are known and
> > advertised; or
> > 4. accidental contact caused by mistyping of an
> > address and followed by immediate disconnect
> > {and note that I do report this type contact
> > to IU's IT Security Office}.
> > All other contacts are questionable at best, and
> > when conducted in the form of a port scan, are hostile
> > actions.
> >
> > --
> > Warning to commercial e-mailers {spammers}: The e-mail
> > address provided above is for information purposes only
> > and is subjected to extensive e-mail filtering. Do not
> > send unsolicited commercial e-mail to this address.
>
>

Relevant Pages

  • Re: OpenSSH 3.4p1 Trouble on SCO 5.0.5?
    ... and I mean *NO* business having any direct exposure to the Internet. ... If you have to run services like SSH to it, it should be through an external firewall with some sort of logging, and preferably not run popular services like SSH on port 22. ... It looks like normal port scanning by crackers. ...
    (comp.unix.sco.misc)
  • Re: Linux als Router
    ... # Enter all trusted network interfaces here. ... # which should be available to the internet and set FW_ROUTE to yes. ... space separated list of ports, ... # Packets to silently reject without log message. ...
    (de.comp.os.unix.linux.misc)
  • Re: SharePoint 3.0: problems with external access
    ... "Go to 'Alternate Access Mappings' and in the 'Internet Zone' for your ... Port 443 won't work because it is already used by the Default Web Site. ... What you need to do is create a wildcard certificate and use it in ISA. ... The steps to publish WSS 3.0 applications behind ISA 2004 are the same ...
    (microsoft.public.windows.server.sbs)
  • Re: companyweb from RWW
    ... "Could not open connection to the host, on port 23: ... internet should tell the tale, ... Les Connor [SBS Community Member - SBS MVP] ... This site is the default web site. ...
    (microsoft.public.windows.server.sbs)
  • Re: NIS slowing machine to a crawl?
    ... The problem is NIS. ... Check your computer with a port scanner like grc.com in the internet. ... netstat and if its implementation is bug-free enough to report it ...
    (comp.security.misc)