[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Port Scanning

To: 'Firewall 1 Mailinglist' <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: RE: [FW1] Port Scanning
From: Tag Morgan <tmorgan@softwaresystemsgroup.com>
Date: Sun, 2 May 1999 22:15:08 -0400

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Out of all of the scans of my network that I forwarded to you, I could see
no evidence of ANY of them following up and actually attempting a further
attack. I'm sure that this is in part due to the fact that I only allow very
minimal in-bound connectivity through the firewall.  No reason for the
script kiddies to come back if they didn't find any of the services they're
looking for listening.


 


/*-----------------------------------*/
/* I live with FEAR every day.       */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/

K.T. Morgan
Network Engineer
CCSA/CCSE
Software Systems Group, Inc.
(703) 913-0813x39 



> -----Original Message-----
> From: Lance Spitzner [mailto:spitzner@dimension.net]
> Sent: Friday, April 30, 1999 2:18 PM
> To: Bill Lavalette - Operations NdrsNet
> Cc: fw-1-mailinglist@lists.us.checkpoint.com
> Subject: RE: [FW1] Port Scanning
> 
> 
> 
> On Thu, 29 Apr 1999, Bill Lavalette - Operations NdrsNet wrote:
> 
> 
> > I agree with Frank. Half the time these scans are initiated 
> the host is 
> > comprimised.
> 
> Actually, based on two months of research I have been conducting, the
> percentage is far smaller then that.  Right now, I would estimate
> that only 10% of scans are followed up on (Depending on what they
> are scanning for).  Hopefully I will have a more complete report
> for the FW community in a couple of more months.  
> 
> 
> Lance Spitzner
> http://www.enteract.com/~lspitz/papers.html
> Internetworking & Security Engineer
> Dimension Enterprises Inc
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Date: Mon, 3 May 1999 10:26:58 +1000
Next by Date: RE: [FW1] Port Scanning
Prev by thread: [FW1] Date: Mon, 3 May 1999 10:26:58 +1000
Next by thread: RE: [FW1] Port Scanning
Index(es):
- Date
- Thread