As some have already noted, port scanning is
legal or nothing to be excited about in some parts of the world.
Yet, there may be legitimate concern when such probes originate from,
say, university domains where it is quite likely that such probing is
done without the administrator's approval, etc.

Then what should we do?

Below is an e-mail template I have been using for some time
to report such port probing incidents.
(I use dig, whois or web-based tools to find out
where the culprit comes from. And I write to the admins of the ISPs,
schools and seemingly reputable business sites (.com).
You never know whether your e-mail ends up in a mass-spammer's mailing list if
you write to a dubious business site.)

Please note that I am NOT demanding any inquiry at all when I use the
sample template attached below.  The e-mail is meant to be just a
polite reminder that something may possibly be amiss at the receiver's
side.

My position is: if such a reminder gets a reply from the admin, very well.
If the admin was able to find that a host was compromised as a
launching pad for further attacks, etc., great.

My point is: just report the fact, and let the system admins at the
receiving end worry about it if they feel like doing so.
Just don't expect too much.

(I did receive three thank you e-mails from 
university administrators whose machines were compromised.)

Example sample letter.

--- begin quote

To: [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: Port probing from your domain.
--text follows this line--

Attached you will find a log summary of a port probe
that came from your host (or your neighbor/your subdomain, etc.).

Your attention to this matter will be appreciated.
(It could be due to a bad software configuration, a research program
accessing various hosts collecting statistics, but the worst case is that
someone may be abusing the computing resources at your sites.)


The date/time recorded is in JST (Japan Standard Time, 9 hours ahead of UT).



--- begin quote -----------------------------------------

        here come the pertinent lines from your log.

--- end quote ----------------------------------------
Again, the date/time recorded is in JST (Japan Standard Time, 9 hours ahead of UT).

--- end quote ---




-- 
     Ishikawa, Chiaki        [EMAIL PROTECTED]  or         
 (family name, given name) [EMAIL PROTECTED]
    Personal Media Corp.      ** Remove .NoSpam at the end before use **     
  Shinagawa, Tokyo, Japan 142-0051
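
An added example, not part of the original message: one way to fill the log section of the letter above for a single source address, putting the UTC time beside each JST-stamped line so the receiving admin can match it against their own logs. The log format, the function names and the addresses (documentation ranges) are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

JST = timezone(timedelta(hours=9), "JST")

# Constructed sample firewall log (local time is JST); the addresses are
# from the documentation ranges, not real hosts.
SAMPLE_LOG = """\
2000-03-14 23:58:41 DENY tcp 192.0.2.77:4312 -> 198.51.100.10:23
2000-03-14 23:58:42 DENY tcp 192.0.2.77:4313 -> 198.51.100.10:111
2000-03-14 23:59:03 DENY tcp 203.0.113.5:1029 -> 198.51.100.10:80
2000-03-15 00:00:07 DENY tcp 192.0.2.77:4320 -> 198.51.100.10:143
"""

# Assumed line layout: date time action proto src:port -> dst:port
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\S+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def probe_lines(log_text, source_ip):
    """Return (utc_time, original_line) for every entry from source_ip."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m and m.group(4) == source_ip:
            local = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=JST)
            hits.append((local.astimezone(timezone.utc), line))
    return hits

def build_report(log_text, source_ip):
    """Render the letter body; returns None when the address never appears."""
    hits = probe_lines(log_text, source_ip)
    if not hits:
        return None
    ports = sorted({int(LINE.match(line).group(7)) for _, line in hits})
    body = [
        "Attached you will find a log summary of a port probe",
        f"that came from {source_ip} ({len(hits)} attempts, destination ports {ports}).",
        "",
        "The date/time recorded is in JST (Japan Standard Time, 9 hours ahead of UT).",
        "",
        "--- begin quote ---",
    ]
    # Lines after midnight JST fall on the previous calendar day in UTC.
    body += [f"{line}   [UTC {utc:%Y-%m-%d %H:%M:%S}]" for utc, line in hits]
    body.append("--- end quote ---")
    return "\n".join(body)

if __name__ == "__main__":
    print(build_report(SAMPLE_LOG, "192.0.2.77"))
```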
