[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Port Scanning

To: "fw-1-mailinglist@lists.us.checkpoint.com" <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: RE: [FW1] Port Scanning
From: Bill Lavalette - Operations NdrsNet <billl@ndrsnet.com>
Date: Thu, 29 Apr 1999 18:54:12 -0700


I agree with Frank. Half the time these scans are initiated the host is 
comprimised.

Regards

Bill

-----Original Message-----
From:	Frank W. Keeney [SMTP:FKeeney@hsa.com]
Sent:	Thursday, April 29, 1999 5:07 PM
To:	fw-1-mailinglist@lists.us.checkpoint.com
Subject:	RE: [FW1] Port Scanning


Personally I report them all. I have a script that does most of the work
so I can report 5-6 scans in less than 10 minutes. I'd say I get an
average of 2 scans per day. It's even more fun to play with these script
kiddies. Install the Deception ToolKit http://all.net/contents/dtk.html
or BackOfficer Friendly http://www.nfr.net/bof/ and watch them try,
learn their tricks and protect yourself.

I've found that most scans come from compromised hosts. Sometimes the
admins never knew that this happened until someone lets them know.



+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Frank Keeney, Network Services, Home Savings of America
+1 626-814-5080 mailto:fkeeney@hsa.com
+++++++++++++++++++++++++++++++++++++++++++++++++++++++


	----------
	From:  Kent Hundley [SMTP:kent_hundley@ins.com]
	Sent:  Thursday, April 29, 1999 3:24 PM
	To:  darrell@gallup.com;
fw-1-mailinglist@lists.us.checkpoint.com
	Subject:  RE: [FW1] Port Scanning


	Unless the scanning is so pervasive that it starts approaching a
DoS,
	there's not much reason to get worked up about it IMHO.  That's
what you
	have a firewall for in the first place.

	


============================================================================  
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================  
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] FW1 v4.0 - Unknown WWW server
Next by Date: RE: [FW1] too many hosts/ how is it calculated
Prev by thread: RE: [FW1] Port Scanning
Next by thread: RE: [FW1] Port Scanning
Index(es):
- Date
- Thread