Server Probing

Corey Kovacs corey.kovacs at gmail.com
Fri Feb 1 13:43:30 UTC 2013


Scanning someone's ports, in my mind, is tantamount to "casing" my home. You
would not, for any reasonable explanation, come and check the doors and
windows to my home and if you did, you'd be in for a world of hurt. There
is legitimate reason for someone to do that. Your "explanation" that it is
somehow "education" is a bit ridiculous as you could easily set up a lab if
you were serious. About the only semi-legitimate "scan" might be a ping
sweep to see what providers were using what ip ranges etc to make a map or
something else that has already been done, so that's borderline as well. A
localized comparison is war-driving for unsuspecting people who might not
be as technically "clued in" as others. Just because they leave the front
door open, does not mean you are welcome to anything exposed by that
mistake.

My $0.02

-C

On Thu, Jan 31, 2013 at 11:14 PM, AMD Paulius_J Jazauskas <
amdpaulius at gmail.com> wrote:

> Well, only looking on what's inside a server is not so bad, but most of the
> time a "brute force" comes after a "look".
>
> If I understand correctly, *apnic* is like an Asian network center which
> gives IPs for a very wide region. I agree, blocking China would definitely
> reduce the "door rattling" by more than 50% (but it would probably take all
> day to type all ranges), once I tracked many attacker IPs and most of them
> were from Asia, but I found out that they may take over some European
> servers too, and then use them for scanning, brute forcing.
>
> Actually sometimes I get angry at all those spammers, scammers, phishers.
> Who do they think they are, acting without any morality.
>
> On Fri, Feb 1, 2013 at 1:41 AM, geofrey rainey <
> geofrey.rainey at enterpriseit.co.nz> wrote:
>
> > "Exact" is probably the wrong term, there's a difference between sitting
> > on one's computer and sending a tcp packet to another computer than
> > physically going on to one's property with the intention of looking for
> > entry points. The former is something that I do out of interest, interest
> > in finding out what a server on a network might be running, improve my
> > networking skills, and so-forth, it might be, frankly, quite arbitrarily
> > deemed "really bad" by corporates that have left holes that clever
> > crackers are able to exploit and steal stuff and sure, I am not advocating
> > that and understand that it is theft and so-forth, but frankly, scanning a
> > host is hardly a major criminal offence and it's an excessive use of legal
> > power to assert that it is tantamount to some burglar trying to break in
> > to a building or something.
> >
> >
> >
> > On 02/01/2013 11:03 AM, Tom Burke wrote:
> >
> >> Unless you have permission, that's exactly what it is.  Why else would
> >> you be rattling their firewall, except to probe their vulnerabilities?
> >>
> >> And if you're probing their vulnerabilities without permission, then why
> >> are you doing it?
> >>
> >> IIRC, there is, in fact, legal precedence on this, too.
> >>
> >> On a related note, I used to drop *.apnic.* into my filters, and that
> >> got rid of over 80% of the door rattling.
> >>
> >> Of course, it pretty much blocked everyone in China, Japan, New Zealand,
> >> Australia, and so on..
> >>
> >> On Thu, Jan 31, 2013 at 4:43 PM, geofrey rainey <
> >> geofrey.rainey at enterpriseit.co.nz> wrote:
> >>
> >>> I just don't think rattling locks and peeking in windows is analogous
> >>> to sending a few tcp packets to a server on the internet really.
> >>>
> >>> On 02/01/2013 01:20 AM, Tom Curl wrote:
> >>>
> >>>> Unless you have permission from the owner of the server, you should be
> >>>> banned. Gee, I just think I'll rattle the locks on your doors and peek
> >>>> through your windows just to see what you are doing Geofrey.
> >>>>
> >>>>
> >>>>
> >>>> On Thu, 2013-01-31 at 10:13 +1300, geofrey rainey wrote:
> >>>>
> >>>>> I don't think I'd advise permanently blocking IP's - sometimes I nmap
> >>>>> an IP just because I am interested to see what's running or whatever but
> >>>>> wouldn't expect to be "banned" for doing this...
> >>>>>
> >>>>>
> >>>>> On 01/30/2013 06:56 PM, AMDPaulius Paulius wrote:
> >>>>>
> >>>>>> Yeah, even my small home server which is not advertised anywhere gets
> >>>>>> scanned daily. They are always trying to brute force into FTP, or SSH. I
> >>>>>> use iptables to block those IPs completely.
> >>>>>>
> >>>>>> On Wed, Jan 30, 2013 at 1:46 AM, Florez, Nestor <NFlorez at sdcwa.org>
> >>>>>> wrote:
> >>>>>>
> >>>>>>   THANKS!!!
> >>>>>>
> >>>>>>> Né§t☼r
> >>>>>>>
> >>>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: redhat-list-bounces at redhat.com [mailto:
> >>>>>>> redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
> >>>>>>> Sent: Tuesday, January 29, 2013 2:30 PM
> >>>>>>> To: General Red Hat Linux discussion list
> >>>>>>> Subject: RE: Server Probing
> >>>>>>>
> >>>>>>> Florez, Nestor wrote:
> >>>>>>>
> >>>>>>>> [mailto:redhat-list-bounces at redhat.com]
> >>>>>>>> On Behalf Of Florez, Nestor
> >>>>>>>>
> >>>>>>>>   I will take a look at fail2ban
> >>>>>>>> You guys mentioned fail2ban. Does Red Hat have it available? Where?
> >>>>>>>>
> >>>>>>>>  epel.
> >>>>>>>
> >>>>>>>            mark
> >>>>>>>
> >>>>>>> --
> >>>>>>> redhat-list mailing list
> >>>>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >>>>>>> https://www.redhat.com/mailman/listinfo/redhat-list


