It's a grey area ihmo. A portscan is just a nock on a appartment door, and just waiting whom is going to openup. Besides that, it's nothing more. And you can see this as annoying, nocking on someones door and then running like hell, but.. then again, no harm is done.
In comparisin with a mail adress probe, wich I recive 30 times a day if I don't completly block a couple of hongarian and chinese ISP's, the domain is useless for any commercial form, and does harm me in a financial way if I realy don't do anything about it. So.. using the Spam probe to compare it with a port scan.. well, I would report the spam probe a couple of times if I have the feeling it would make a diffrence.. but still.. it can be a lot of work. Mark On Mon, Feb 24, 2003 at 02:59:38AM -0700, Tim Spriggs wrote: > > > On Mon, 24 Feb 2003, Russell Coker wrote: > > > On Mon, 24 Feb 2003 07:38, Jason Lim wrote: > > > Usually if we get such a report, we'll inform the client of their actions. > > > Most times that discourages them from doing it. > > > > In any case it's a service to your client - who is the one paying you. It > > always amazes me that people on the net expect you to take their side against > > one of your clients for something innocent like a bit of portscanning! > > > > > unless someone is REALLY repeatedly hammering a server. Then if no action > > > is taken we may even block them at the router/switch level. > > > > That's the only thing to do, if someone is excessively scanning you then you > > block their IP addresses for a while. Of course you can't be too trigger > > happy with this or you'll end up with half the Internet in your firewall rule > > set... > > In the defense of the ballistic person that is complaining about the > portscan, one of our servers is running a backup server that dies with no > error/warning when the server is portscanned. Unfortunately, our servers > can not be put behind a firewall as funding is at an all time low. > > This is a very inconvenient feature and the company that provides the > backup server will do nothing about it so we have to manually restart the > deamon from time to time because we were (innocently) portscanned. > > > I guess my point is that there can be some wierd side-effects to obscure > things that portscans/other non-normal network behaviour can create. > However I will still side with you on the fact that abnormal behaviour > should be handled and discarded by the software. > > Oh well. > > My two cents worth. > > -Tim > > > > > -- > > http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages > > http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark > > http://www.coker.com.au/postal/ Postal SMTP/POP benchmark > > http://www.coker.com.au/~russell/ My home page > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- -- Mark Lijftogt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
