[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Port Scanning

To: 'Firewall 1 Mailinglist' <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: RE: [FW1] Port Scanning
From: Tag Morgan <tmorgan@softwaresystemsgroup.com>
Date: Sun, 2 May 1999 22:17:51 -0400

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Oops, I mis-read the previous post.  And, in my experience, when I've gotten
repeated scans from the same host it's been an even 50/50 when I actually
got annoyed enough to call the ISP.  Half of the calls I've made I've either
gotten "Yeah, our servers were hacked...." or I've gotten "hrm... lemme look
around here... Oh shit!"  So yeah, 50/50.



/*-----------------------------------*/
/* I live with FEAR every day.       */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/

K.T. Morgan
Network Engineer
CCSA/CCSE
Software Systems Group, Inc.
(703) 913-0813x39 



> -----Original Message-----
> From: Bill Lavalette - Operations NdrsNet [mailto:billl@ndrsnet.com]
> Sent: Thursday, April 29, 1999 9:54 PM
> To: fw-1-mailinglist@lists.us.checkpoint.com
> Subject: RE: [FW1] Port Scanning
> 
> 
> 
> I agree with Frank. Half the time these scans are initiated 
> the host is 
> comprimised.
> 
> Regards
> 
> Bill
> 
> -----Original Message-----
> From:	Frank W. Keeney [SMTP:FKeeney@hsa.com]
> Sent:	Thursday, April 29, 1999 5:07 PM
> To:	fw-1-mailinglist@lists.us.checkpoint.com
> Subject:	RE: [FW1] Port Scanning
> 
> 
> Personally I report them all. I have a script that does most 
> of the work
> so I can report 5-6 scans in less than 10 minutes. I'd say I get an
> average of 2 scans per day. It's even more fun to play with 
> these script
> kiddies. Install the Deception ToolKit 
http://all.net/contents/dtk.html
or BackOfficer Friendly http://www.nfr.net/bof/ and watch them try,
learn their tricks and protect yourself.

I've found that most scans come from compromised hosts. Sometimes the
admins never knew that this happened until someone lets them know.



+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Frank Keeney, Network Services, Home Savings of America
+1 626-814-5080 mailto:fkeeney@hsa.com
+++++++++++++++++++++++++++++++++++++++++++++++++++++++


	----------
	From:  Kent Hundley [SMTP:kent_hundley@ins.com]
	Sent:  Thursday, April 29, 1999 3:24 PM
	To:  darrell@gallup.com;
fw-1-mailinglist@lists.us.checkpoint.com
	Subject:  RE: [FW1] Port Scanning


	Unless the scanning is so pervasive that it starts approaching a
DoS,
	there's not much reason to get worked up about it IMHO.  That's
what you
	have a firewall for in the first place.

	


============================================================================

====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================

====



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Port Scanning
Next by Date: Re: [FW1] infor about Checkpoint management server
Prev by thread: RE: [FW1] Port Scanning
Next by thread: Re: [FW1] infor about Checkpoint management server
Index(es):
- Date
- Thread