Lo, on Wednesday, November 29, brian moore did write:
> On Tue, Nov 28, 2000 at 05:38:12PM -0600, Richard Cobbe wrote:
> >
> > Well, they can be. Connections to TCP ports 137, 138, and 139 are part of
> > Windows file- and printer-sharing. I don't know all that much about how
> > SMB works, but
On Wed, 29 Nov 2000 14:06:28 PST, brian moore writes:
>> So, if you happen to be on a network (like, say, a cable modem local loop)
>> with some Windows PCs that have file/print sharing turned on, these may not
>> represent a security problem. (Well, for *you*, anyway.)
>
>Or if you happen to be o
On Tue, Nov 28, 2000 at 05:38:12PM -0600, Richard Cobbe wrote:
>
> Well, they can be. Connections to TCP ports 137, 138, and 139 are part of
> Windows file- and printer-sharing. I don't know all that much about how
> SMB works, but I'm fairly sure there are broadcasts to these ports
> involved,
On 28/11/2000 at 23:07 -0800, Nate Amsden wrote:
> pretty cool prog. ive caught many things using it. its not very well
> known so it may not be on freshmeat.net ..
>
> if you want a copy of it i can try to dig up the source or the url for
> it, email me direct. ..
>
scandetd (and another progs
Mario Olimpio de Menezes wrote:
>
> Hi,
>
> One computer where I have Debian installed was scanned
> recently. Someone probed several ports (~20), maybe trying to determine
> the running OS (something like nmap does).
> Do you think this *IS* an attack? I mean, should I report thi
On Wed, 29 Nov 2000 07:35:46 +0100, Philipp Schulte writes:
>"Show me the ISP that is willing to take these steps because of a
>portscanning script-kiddie.
kpnqwest.at for example ;-) t-online.de is another one, they take
something like that pretty serious in the meantime.
>It just doesn't mak
On Wed, Nov 29, 2000 at 01:56:57AM +, Colin Watson wrote:
> Philipp Schulte <[EMAIL PROTECTED]> wrote:
> [...]
> >>>On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote:
> Philipp Schulte wrote:
> >But what kind of pressure can $your_provider put on a portscanner
> >>
On Wed, 29 Nov 2000 00:21:30 +0100, Philipp Schulte writes:
>On Tue, Nov 28, 2000 at 11:02:52PM +0100, Robert Waldner wrote:
>> But unauthorized use of ressources is, as is unauthorized altering. And
>> the preparation of illegal tasks (as which I would clearly define
>> port-scanning) is also
on Wed, Nov 29, 2000 at 01:56:57AM +, Colin Watson ([EMAIL PROTECTED])
wrote:
> Philipp Schulte <[EMAIL PROTECTED]> wrote:
> [...]
> >>>On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote:
> Philipp Schulte wrote:
> >But what kind of pressure can $your_provider put on
Philipp Schulte <[EMAIL PROTECTED]> wrote:
[...]
>>>On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote:
Philipp Schulte wrote:
>But what kind of pressure can $your_provider put on a portscanner
>from $evil_provider?
Domain-level blocking of...mail, news, DNS
My $0.02,
report to $scanners_isp and cc $your_isp
Provide facts and logs
do not make wild accusations or ranting speaches, in my experience
people who do so are almost always wrong :) Like writing me about how
their ISP told them ai.mit.edu what the place to write to about some
thing from 133.
Lo, on Tuesday, November 28, Damian Menscher did write:
> On Tue, 28 Nov 2000, Pollywog wrote:
> > On Tue, 28 Nov 2000 14:40:09 -0200 (EDT), Mario Olimpio de Menezes said:
> >
> > > One computer where I have Debian installed was scanned
> > > recently. Someone probed several ports (~20), maybe
On Tue, Nov 28, 2000 at 11:02:52PM +0100, Robert Waldner wrote:
> On Tue, 28 Nov 2000 22:03:08 +0100, Philipp Schulte writes:
> >On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote:
> >
> >> > But what kind of pressure can $your_provider put on a portscanner from
> >> > $evil_pr
On Tue, Nov 28, 2000 at 01:24:15PM -0800, kmself@ix.netcom.com wrote:
> on Tue, Nov 28, 2000 at 10:03:08PM +0100, Philipp Schulte ([EMAIL PROTECTED])
> wrote:
> > On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote:
> >
> > > > But what kind of pressure can $your_provider put
On Tue, Nov 28, 2000 at 08:38:43PM +, Pollywog wrote:
>
> On Tue, 28 Nov 2000 21:18:34 +0100, Philipp Schulte said:
>
> > On Tue, Nov 28, 2000 at 09:04:20PM +0100, Robert Waldner wrote:
> >
> > > >Shouldn't this be <[EMAIL PROTECTED]>?
> > >
> > > No, $yourproviders complaint is _muc
On Tue, 28 Nov 2000 20:14:47 GMT, Pollywog writes:
>On Tue, 28 Nov 2000 21:07:15 +0100, Robert Waldner said:
>
>> On Tue, 28 Nov 2000 16:59:04 GMT, Pollywog writes:
>> >I usually do not report attempts to connect to single ports.
>>
>> Me neither, except special ports like ftp, linuxconf, netbu
On Tue, 28 Nov 2000 22:03:08 +0100, Philipp Schulte writes:
>On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote:
>
>> > But what kind of pressure can $your_provider put on a portscanner from
>> > $evil_provider?
>> > Phil
>>
>> Domain-level blocking of...mail, news, DNS
>
>
On Tue, 28 Nov 2000 21:18:34 +0100, Philipp Schulte said:
> On Tue, Nov 28, 2000 at 09:04:20PM +0100, Robert Waldner wrote:
>
> > >Shouldn't this be <[EMAIL PROTECTED]>?
> >
> > No, $yourproviders complaint is _much_ more likely to be taken
> > seriously by $attackers_provider (and it ca
On Tue, 28 Nov 2000 21:07:15 +0100, Robert Waldner said:
> On Tue, 28 Nov 2000 16:59:04 GMT, Pollywog writes:
> >I usually do not report attempts to connect to single ports.
>
> Me neither, except special ports like ftp, linuxconf, netbus, where
> nobody at no fscking time has anything to l
on Tue, Nov 28, 2000 at 10:03:08PM +0100, Philipp Schulte ([EMAIL PROTECTED])
wrote:
> On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote:
>
> > > But what kind of pressure can $your_provider put on a portscanner from
> > > $evil_provider?
> > > Phil
> >
> > Domain-level bloc
On Tue, Nov 28, 2000 at 12:35:27PM -0800, kmself@ix.netcom.com wrote:
> > But what kind of pressure can $your_provider put on a portscanner from
> > $evil_provider?
> > Phil
>
> Domain-level blocking of...mail, news, DNS
Show me the ISP that is willing to take these steps because of a
port
on Tue, Nov 28, 2000 at 09:18:34PM +0100, Philipp Schulte ([EMAIL PROTECTED])
wrote:
> On Tue, Nov 28, 2000 at 09:04:20PM +0100, Robert Waldner wrote:
>
> > >Shouldn't this be <[EMAIL PROTECTED]>?
> >
> > No, $yourproviders complaint is _much_ more likely to be taken
> > seriously by $attacker
On Tue, 28 Nov 2000 21:18:34 +0100, Philipp Schulte writes:
>On Tue, Nov 28, 2000 at 09:04:20PM +0100, Robert Waldner wrote:
>
>> >Shouldn't this be <[EMAIL PROTECTED]>?
>>
>> No, $yourproviders complaint is _much_ more likely to be taken
>> seriously by $attackers_provider (and it can save you
On Tue, Nov 28, 2000 at 09:04:20PM +0100, Robert Waldner wrote:
> >Shouldn't this be <[EMAIL PROTECTED]>?
>
> No, $yourproviders complaint is _much_ more likely to be taken
> seriously by $attackers_provider (and it can save you from a lot of
> embarassment if you´d misjudge something).
>
> I
On Tue, 28 Nov 2000 20:48:40 +0100, Philipp Schulte writes:
>Do you live in the USA? How do ISPs handle customers who portscan?
>I know that in Germany most big ISPs don't give a what their
>customers are scanning.
Then .at seems somewhat different from the rest of the german-speaking
world.
On Tue, 28 Nov 2000 18:23:34 GMT, Pollywog writes:
>> Of course, a connection to a single port on a single machine is probably
>> just some idiot who mistyped an IP address
>
>exactly, and I don't want to cause trouble needlessly.
In my experience, when this is the case, people just say that
On Tue, 28 Nov 2000 16:59:04 GMT, Pollywog writes:
>I usually do not report attempts to connect to single ports.
Me neither, except special ports like ftp, linuxconf, netbus, where
nobody at no fscking time has anything to look for for a good&valid
reason.
&rw
--
/ Ing. Robert Waldner | Netw
On Tue, 28 Nov 2000 15:24:02 -0200, Mario Olimpio de Menezes writes:
>On Tue, 28 Nov 2000, Robert Waldner wrote:
>
>> On Tue, 28 Nov 2000 14:40:09 -0200, Mario Olimpio de Menezes writes:
>> >One computer where I have Debian installed was scanned
>> >recently. Someone probed several ports (~20),
On Tue, 28 Nov 2000 18:13:58 +0100, Philipp Schulte writes:
>On Tue, Nov 28, 2000 at 06:00:16PM +0100, Robert Waldner wrote:
>> > I mean, should I report this
>> >as *AN* attack?
>>
>> yes. <[EMAIL PROTECTED]>.
>
>Shouldn't this be <[EMAIL PROTECTED]>?
No, $yourproviders complaint is _much_ more
On Tue, Nov 28, 2000 at 04:59:04PM +, Pollywog wrote:
> If someone scans several ports, I usually do report it to their ISP,
> sending them log excerpts that include the time they occurred and also my
> time zone as reported by my computer. The ISP would probably warn the
> customer and even
On Tue, 28 Nov 2000 12:15:39 -0600 (CST), Damian Menscher said:
> > I usually do not report attempts to connect to single ports.
>
> You might want to keep in mind that scans of all ports are often just
> general curiosity about what kind of stuff a computer is being used for,
> while scans
On Tue, 28 Nov 2000, Pollywog wrote:
> On Tue, 28 Nov 2000 14:40:09 -0200 (EDT), Mario Olimpio de Menezes said:
>
> > One computer where I have Debian installed was scanned
> > recently. Someone probed several ports (~20), maybe trying to determine
> > the running OS (something like nmap doe
On Tue, 28 Nov 2000, Robert Waldner wrote:
> On Tue, 28 Nov 2000 14:40:09 -0200, Mario Olimpio de Menezes writes:
> > One computer where I have Debian installed was scanned
> >recently. Someone probed several ports (~20), maybe trying to determine
> >the running OS (something like nmap does).
On Tue, 28 Nov 2000 14:40:09 -0200 (EDT), Mario Olimpio de Menezes said:
>
> Hi,
>
> One computer where I have Debian installed was scanned
> recently. Someone probed several ports (~20), maybe trying to determine
> the running OS (something like nmap does).
> Do you think this
On Tue, Nov 28, 2000 at 06:00:16PM +0100, Robert Waldner wrote:
> On Tue, 28 Nov 2000 14:40:09 -0200, Mario Olimpio de Menezes writes:
> > One computer where I have Debian installed was scanned
> >recently. Someone probed several ports (~20), maybe trying to determine
> >the running OS (somet
On 28 Nov 2000 09:58:02 MST, "Gary Hennigan" writes:
>"Mario Olimpio de Menezes" <[EMAIL PROTECTED]> writes:
>> One computer where I have Debian installed was scanned
>> recently. Someone probed several ports (~20), maybe trying to determine
>> the running OS (something like nmap does).
>>
On Tue, 28 Nov 2000 14:40:09 -0200, Mario Olimpio de Menezes writes:
> One computer where I have Debian installed was scanned
>recently. Someone probed several ports (~20), maybe trying to determine
>the running OS (something like nmap does).
> Do you think this *IS* an attack?
scanni
"Mario Olimpio de Menezes" <[EMAIL PROTECTED]> writes:
> One computer where I have Debian installed was scanned
> recently. Someone probed several ports (~20), maybe trying to determine
> the running OS (something like nmap does).
> Do you think this *IS* an attack? I mean, should I rep
Hi,
One computer where I have Debian installed was scanned
recently. Someone probed several ports (~20), maybe trying to determine
the running OS (something like nmap does).
Do you think this *IS* an attack? I mean, should I report this
as *AN* attack?
[]s,
Mario
39 matches
Mail list logo
