Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: Scans of 21536
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: Scans of 21536
  • From: smarkacz <[EMAIL PROTECTED]>
  • Date: Sun, 14 Jan 2001 00:41:53 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
Simple Nomad <[EMAIL PROTECTED]> wrote:
> I think that if I were some smart scanning dude or dudette out there, and
> a scanning pattern was "identified" as a "misconfigured device", I'd
> probably make sure my port scan duplicated this type of traffic.

That's pretty obvious. But in case of 18245>21536 packets, there's
almost no gain.. of course, you can send such packets to every IP in
my network and get me alarmed when you hit a machine which doesn't run
an HTTP server. Or you can just use them to OS-fingerprint HTTP
servers my firewall protects. But then - why don't you use port 80 for
your scans? It *is* open and probably you can also know if my firewall
filters are stateful or not. What more can you get from port 21536
scans?

> If I wanted to be REALLY evil, I could do the following:
> 1. Scan large sections of the Internet with a forged source address and
> several decoys with nmap.
> 2. Wait for someone on this list to say something about it, or optionally
> say something about it myself.
> 3. I post a message from my day job stating "oh I spoke to blahblahblah
> about this and it is a misconfigured device/reported to the ISP/whatever".

Nice idea. :)

> As a security-conscious kind of guy, I am surprised by the tone of this
> list which seems to trust every message posted to it. Certainly I am not
> the first person to think of this type of thing. There has always been the
> argument on Bugtraq that the bad guys read Bugtraq, I think one should
> assume the same here.

OK, nobody has to trust me. Or anyone. But it doesn't mean you can
assume anyone posting here to be a bad guy. Some people would lie
here, some'd just be wrong. But you know all this stuff, I won't
repeat. Just verify what you read here before trusting it.
-- 
*** smarkacz ([EMAIL PROTECTED])  --  Jacek P. Szyma&nacute;ski
No jasne, jak cz&lstrok;owiek sepleni to zadowoli si&eogon; i linuksem. To w&lstrok;a&sacute;nie
taki niedorobiony system co zauwa&zdot;a dok&lstrok;adnie ka&zdot;dy poza linuksiarzami.
                                            -- Piotr Trzcionkowski
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.