[oclug] tuesday afternoon rant about the FBI and an isp
bbarnett at l8r.net
bbarnett at l8r.net
Tue Mar 20 06:57:52 EST 2001
On 20-Mar-2001 David F. Skoll wrote:
> On Mon, 19 Mar 2001 bbarnett at l8r.net wrote:
>
>> Erm, scanning someone isn't illegal, and it isn't wrong.
>
> Scanning someone *in preparation* for breaking into his system or
> bringing it down is illegal, and is wrong.
>
Of course.. but that's hindsight. Scanning itself is fine.. you have to prove
malicious intent if you want the legal authorities to get involved.
>> > I run intrusion-detection systems on many of my clients' networks, and
>> > you can bet that I contact owners of machines which port-scan my
>> > clients. It's just part of conscientious network administration.
>>
>> Dave, you must do nothing but call people all day long. I find it hard to
>> believe you when you say something like this. Out of all the machines I
>> keep
>> an eye on, 4 of them I monitor with a passion, and I get a total of 20 scans
>> a day from them. Are you honestly suggesting that you contact the owners of
>> all
>> the machines that scan you, heh ;)
>
> No, of course not. I ignore the usual background noise of script
> kiddies scanning for common exploits. However, I do report persistent
> and/or more sophisticated scans. I only get a couple of those a
> month.
>
> I run snort (www.snort.org) and if you tune the sensitivity just
> right, you only get about 40-60 lines per day to scan through, and it
> only takes a minute or so to separate the wheat from the chaff.
>
Ok, take away the script kiddies (which you have to ignore or you'd go insane,
heh) and I can certainly agree with you ;) Snort is great, but its proven
unstable on 2 of my systems :/ I just dies with no apparent reason, and I
haven't had the time to compile it from sources and run gdb on it to see what
the
problem is.
Ah well, time ... wish I had more ;)
---
Dynamic Hosting
HTTP://www.L8R.net/
"We Provide Static Hostnames for Dynamic IP's"
More information about the OCLUG
mailing list