Re: weird scans from port 80

From: Tim Haynes (usenet@stirfried.vegetable.org.uk)
Date: 01/23/03 

From: Tim Haynes <usenet@stirfried.vegetable.org.uk>
Date: Thu, 23 Jan 2003 14:27:39 +0000

Kasper Dupont <kasperd@daimi.au.dk> writes:

>> > And what will the results tell you? It cannot be used in an attack, it
>> > will not tell you if the computer has any vulnurabilities,
>>
>> No? So nmap doesn't have an OS-detection routine for any sort of reason
>> then?
>
> OS detection is not a security risk.

No? Interesting. Some of us consider *any* information-leak to be a
security risk.

> Reallity shows that attempts are made by attackers without the knowledge
> of your OS or even if doesn't appear to be vulnurable.

Reality also suggests that not everyone flinging packets at you is a kiddie
or a worm.

[snip]
>> Oh, haha, still banging on about that one sentence of RFC793 as though it
>> were applicable?
>
> For gods sake would you rather have had the entire RFC posted?

That would also be unnecessary. However, posting something that didn't
destroy your "point" for you might've been recommendable.

> It specifies in all details when to send RST and when not to.

You call "as a general rule" a "specification"?

> This sentence just sumarizes all those rules. If you want to know more
> about it read the RFC.

Then you have failed to justify your "point" and are obviously unwilling to
post something relevant to back it up. Nice knowing you.

>> Look, get it through your head: the first clause in the snippet you
>> quoted *alone* makes it highly questionable whether the rest applies.
>> The subsequent sentence someone else quoted makes it even less likely.
>> Trying to tar people who disagree with your stupid ideas as saying "it's
>> a firewall therefore standards don't apply" is utterly offensive, when
>> nobody here has ever said as much.
>
> It is not my stupid ideas, the RFC is the standard which you MUST conform
> with.

And I do. What's your problem?

> I was not the one suggesting you are allowed to violate the RFC in the
> name of your firewall, but a lot of people has suggested that, and I
> think you were one of them.

Then you had better re-read the thread properly. It would be more to the
point if you had done this in the first place before spewing *** in my
face as a regular reader of this group for the past few days.

> Who are you to complain about people attacking your system when you won't
> even play by the rules? Instead you are possibly taking part of a DoS
> attack by your violations.

Now you're really talking crap. First you say that attempts to restrict the
events responded-to are "against the RFCs" without justifying it, then you
say the above? Since when did *not* sending a packet *add* to a DoS?

>> What I find really disgusting is your insistence on taking the OP's
>> original question and diverting it down this irrelevant *unhelpful*
>> side-track.
>
> I just suggested that the symptoms appeared to be caused by
> misconfigurations of his own firewall, and I told him what he could do
> about it.

And how much use has that been?

> So, I guess he no longer has a problem, which means my advice have indeed
> been helpful. The only reason for this thread to continue is you
> insisting on violating the standards in the holy name of the firewall.

I beg your pardon? Name *ANY* article where I have *EVER* defended such a
position. I dare you.

>> If you won't be man enough to apologise to the group for the *** you've
>> been spreading, at least shut up.
>
> I have no reason to apologise, I have just been defending the standards.

You've just falsely accused me and in a previous article "various others"
of suggesting violating "the standards", which you make no attempt to apply
logically.

Consider yourself <plonk>ed for extreme offensive idiocy.

~Tim 

-- 
Gabrielle and Madelene were just dolls.     |piglet@stirfried.vegetable.org.uk
                                            |http://spodzone.org.uk/
Loading