Personally I would nmap an offending host. The why is pretty simple, if I see exploitable services or backdoors I know the host is not the one offending me but the person who cracked it. If there are no exploitable services/backdoors I can contact it's administrator and maybe we can find out together who it is. Now if it were me offending (which won't happen) if I got contacted by somebody telling me somebody is using my box to offend them I'd go like well hell I can't find anything in my logs. Then I'd get the reply look for a rootkit with some instructions and I'd say ah damn they erased all their tracks. Not really a smart approach........ They always need to crack atleast one box before they can hide theirselves.... Then again, I wonder if a lot of scriptkiddies are smart enuf to hide themselves On Wednesday 12 September 2001 19:04, Richard Feaver wrote: > lo, > > What would you achieve by running NMAP on their machine anyway ? > > Spot a few exploitable services. . . what would you do then? > break in and get busted and for what ? > precisley zero apart from an nmap scan which happen by the thousands. > > just get the IP block and report them to admin and move on. > > lates > > -----Original Message----- > From: Matt Hemingway [mailto:[EMAIL PROTECTED]] > Sent: 10 September 2001 11:59 > To: [EMAIL PROTECTED] > Subject: Re: Is it "legal" to nmap offending hosts? > > > I say if someone runs nmap on your host you should be able to run it right > back on one of their's. If someone hits me in the face, I hit them right > back. If someone calls me stupid, I call them a f'ing moron. If someone > scans my computer, I DoS them.........but thats just me. :-) > > -matt > > On Monday 10 September 2001 15:45, you wrote: > > Xno, > > I think it's better to run an nslookup on a host, then contact the > > administrator and send a few pages of log files (careful not to send too > > much info in logs - internal IPs etc.). Most of the traffic I get is > > either related to a virus (i.e. Code Red infected IIS servers or servers > > at > > > that site compromised by another user). More than often the admins are > > unaware of the traffic hitting your firewall, and most are polite and > > helpful when investigating unwarranted network traffic. I don't advise > > to use aggressive probes to investigate a host you suspect as probing > > yours, it's better to work with them to resolve the issue. > > > > Robert > > > > > > > > > > > > -----Original Message----- > > From: Xno Xutz [mailto:[EMAIL PROTECTED]] > > Sent: Saturday, September 08, 2001 11:10 AM > > To: [EMAIL PROTECTED] > > Subject: Is it "legal" to nmap offending hosts? > > > > > > Hi All! > > > > Sure this is a beginners question, but I must ask it > > anyway. Is it considered ilegal ou unpolite to send > > nmap probes to offending hosts I find in my logs? I > > have no intention to go any farther, but I would like > > to gather some information on these hosts. > > > > Any comments would be welcome! > > > > Regards, > > Xno > > > > __________________________________________________ > > Do You Yahoo!? > > Get email alerts & NEW webcam video instant messaging with Yahoo! > > Messenger > > > http://im.yahoo.com
Re: Is it "legal" to nmap offending hosts?
TD - Sales International Holland B.V. Sun, 16 Sep 2001 13:44:26 -0700
- RE: Is it "legal" to nmap ... NVujic
- Re: RE: Is it "legal"... andbr005
- Re: Is it "legal" to ... Matt Hemingway
- Re: Is it "legal" to ... ashcrow
- Re: Is it "legal" to ... Michael H. Warfield
- RE: Is it "legal" to ... Robert D. Hughes
- RE: Is it "legal" to ... Richard Feaver
- RE: Is it "legal" to ... News
- Re: Is it "legal" to ... Michael H. Warfield
- Re: Is it "legal" to ... TD - Sales International Holland B.V.
- Re: Is it "legal" to ... gminick
