On Fri, Feb 18, 2000 at 03:25:34PM -0500, Floyd Moore wrote:
> True Tim a scan is just a scan, and who cares. But some of the scans
> recorded are looking for a Trojan and these should be reported. I
Yes, but how do you tell the difference? Full blown port scans get
stopped right away. Pokes to all imap ports get shot down right away too.
ICMP sweeps? 1 time we ignore. 2 times, and they're toast. We are employing
an AI engine one of our guys wrote in CLIPS to spot trends and patterns
we overlook for one reason or another. It's saved our bacon more than
once.
> have no mercy on those scans because they are basically criminal.
> Regular scans who cares. So if we limit reporting to the "illegal"
> scans I think that will avoid the concerns about a police state. I
> would not want an overbearing nanny or police state.
I have to deal with the federal dark suits as part of my normal routine.
I avoid getting them involved as much as possible. But how do you define
'illegal'?
Tim
--
(work) [EMAIL PROTECTED] / (home) [EMAIL PROTECTED] - http://www.buoy.com/~tps
Lord, grant me the serenity to accept the things I cannot change,
the courage to change the things I can, and the wisdom to hide the
bodies of the people I had to kill because they pissed me off - Anon.
** Disclaimer: My views/comments/beliefs, as strange as they are, are my own.**
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
