On Fri, 19 Mar 1999, Joe Matusiewicz wrote:
[SNIP]
>
> One caveat about reporting scans. It is possible to spoof the source ip
> address of the scan so there is always the small possibility that the scan
> did not originate from where your logs tells you. Which means pranksters
> can scan all of Netscape's domain and try to make it look like some host in
> microsoft.com did it. That's why when I report a scan, I basically say
> that "Our log indicates...."
>
Which is one reason to use the blocking of sites 'reported' as being the
'source' of the scan should be done as a last resort. In fact, a denail
of service can be caused via such spoofed scans to sites actually
important to everyday business if this is done imprudently...
Thanks,
Ron Dufresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
