Don't forget that a skilled DDOS setup phase can take months. Anyone who knows their stuff will make their portscan timing inconspicuous enough that it won't trigger your alarms.
To be honest, I'm partially guilty of (very) occasionally portscanning people just to see what's out there, as most of us probably are (for example, when some customer asks me about why they can't send mail or get to a web page. That doesn't necessarily imply bad behavior. Nor would I want the guys in black berets showing up at the door whenever I check out someone's box :) Cheers, -John > Multiplied by all the people that do it this can look like a form of > DoS.... > T > > ----- Original Message ----- > From: "Matthias Geiser" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, December 09, 2002 6:24 PM > Subject: Re: [swinog] hacks > > >> On Mon, Dec 09, 2002 at 03:36:22PM +0100, Walter Onda wrote: >> > I was wondering what you are doing if some of your customer >> > (Internetuser) makes scanns to other server and the victim sends >> > warnings to you to prevent or to stop this action. >> >> A simple portscan is nothing bad (TM). >> >> Scanning several nets could be problematic, but scanning a host, I >> can't see a negative aspect in that. >> >> >> Matthias >> -- >> PGP KeyID: 1024/688E6CD9 FP: 3C59 DE10 DFD4 ED57 E8F4 19A8 B048 1FD2 >> ---------------------------------------------- >> [EMAIL PROTECTED] Maillist-Archive: >> http://www.mail-archive.com/swinog%40swinog.ch/ > > ---------------------------------------------- > [EMAIL PROTECTED] Maillist-Archive: > http://www.mail-archive.com/swinog%40swinog.ch/ > ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
