
Now there's a real thoughtful, mature suggestion.  If all of us ping bombed
everyone who scanned us every time we got scanned, nothing else would move on
the Internet.  Not to mention ping bombing a site (better known as a Denial of
Service attack) is ILLEGAL in most civilized countries, including the US and
Britain.  Can we say lawsuit?  Possible prosecution?  I hope you're not
expressing Southwest Security Group's official position on how to handle scans,
intrusion attempts, etc.  Your suggestion is the most irresponsible thing I've
ever heard.  I wonder what your ISP would think if they knew you advocated
retaliatory strikes against possible probes?  Or maybe your CIO/CEO should be
informed of what you advocate.  What you suggest makes you no better than the
hackers/crackers/script kiddies out there.

I'll get off my soapbox now.

For hermit1:  If you can't get in touch directly with bt.net, contact their
up-channel ISP.  You can usually get a response by sending an email to
[EMAIL PROTECTED] or [EMAIL PROTECTED]  NEVER attempt to retaliate against
a suspected probe.  It could be an innocent misconfiguration, or as you
suggested, the source address may be spoofed, in which case you just nuked the
wrong source.  Any retaliation, other than legal steps through proper channels,
only lowers us to the level of the slime out there that has nothing better to do
than to probe other people's networks.
-------------------------------------------------------------------------------
Daniel R. (Dan) Dunn, EE
Sr. INFOSEC Engineer, GRC Int'l (an AT&T company)
OSD-ITD Firewall Administrator
p: 703-614-8086, ext 300

The opinions expressed by the author are entirely his own, and
do not reflect those of AT&T, GRCI, Inc., or its subsidiaries,
nor do they reflect policy, opinion, or endorsement by the
US Department of Defense or any of its agencies.

-------------- In Response to  --------------


From:     John Stevenson <[EMAIL PROTECTED]> on 06/14/2000 04:29 PM

To:  "'hermit1'" <[EMAIL PROTECTED]>
     [EMAIL PROTECTED]
cc:
Subject:  RE: [FW1] hacker 194.73.175.25




PING BOMB THEM!

-----Original Message-----
From: hermit1 [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 14, 2000 2:54 PM
To: [EMAIL PROTECTED]
Subject: [FW1] hacker 194.73.175.25



This is relevant only because my FW-1 logs show me this problem, but
someone on this list must know the answer.  I am trying to get in touch
with someone at bt.net (apparently in England) to get them to stop scanning
my address space (currently on scan number 4), or maybe someone is spoofing
their IP address.  The email addresses listed in RIPE do not exist.

Any help will be appreciated.

hermit1



***************************************************
This is an email.  Don't rely on anything seen here
as being accurate without testing it yourself.
***************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

