On Sat, Jan 13, 2001 at 05:15:30PM +0200, Konstantinos Margaritis wrote:
<snip>
> a thing. Is port-scanning considered vandalism? Should I report the
> addresses to somewhere?

This is a subject of debate in security circles. Some believe that portscanning is an indication of malicious intent and should be treated as such. Others believe that portscanning is harmless and merely a sign of curiosity. I fall into the latter category. I know my machines are secure; I go to great lengths to ensure that they don't expose any known weaknesses to the world. If someone wants to portscan me, they're welcome to it. They'll find that there's not much of interest on my systems. I get portscanned a lot, but rarely attacked.

It seems like you're pretty aware of what's going on on your network and would notice if an attack was made. In that case, I wouldn't bother reporting a simple port scan.

> What makes me curious is the fact that no ip came from the same
> geographical area. Literally the ips resolved to machines from all the
> continents of the world! As if I was under global attack! :-)
> Of course these could be spoofed, but surely that is a really tough feat
> just for port-scanning.

It's also conceivable that the scanning machines were actually compromised themselves, and that the scanning was being done automatically in an attempt to find more target boxes.

> Lastly, what tool should be considered good for periodic checks on the
> system files? tripwire? cops? i know tripwire is packaged but is there a
> better alternative, tripwire being non-free and all that...

Tripwire is no longer non-free. Version 2.3, a major update from the version available in Debian, has been released under the GPL. Go to www.tripwire.org to learn more. The files are available on sourceforge. It takes a while to build a good policy file, but it's very good at detecting system changes. 2.3 is also significantly faster than the old version.

> PS. I am not in the list, so I would appreciate it if you cc'd your
> replies to me.

If you're really interested in keeping your machines secure, I suggest subscribing to the list. Traffic isn't too high (I don't even bother dedicating a mailbox to it) and the discussion is valuable.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html