Subject: RE: can/should
From: Crye, Michael (michaelc humongous.com)
Date: Wed May 24 2000 - 16:05:13 CDT
Speaking of other sources for scans ... I have experience with running
online gaming servers which sets flags off from many a network defender ...
They write us really upset that they are getting high levels of packets to
certain ports and fire off some really mad email at us at least once a
month. I wonder what their reaction is to our response that they are being
attacked by the evil Unreal Tournament Server that some user on their
network is playing. So I do recommend determining the nature of activity
and not to always trust commercial products that give you nice looking
reports, but the admin doesn't research the issue fully if at all in some
cases.
> -----Original Message-----
> From: Dion Stempfley [SMTP:Dion riptech.com]
> Sent: Wednesday, May 24, 2000 3:35 AM
> To: 'Barry Hudson '
> Cc: 'nmap-hackers insecure.org'
> Subject: RE: can/should
>
>
> Many sites send a relatively courteous mail to the site or isp that
> summarizes the logs and states that you detected a portscan and consider
> this bad behavior, and would like the site to check to ensure that they
> have not been compromised. This assists sites that are being used as
> jumping off points to identify that they have been had.
>
> It's important not to be discourteous, because you may incur the wrath of
> some admins that will flame you to death.
>
> Dion Stempfley
> -----Original Message-----
> From: Barry Hudson
> To: nmap-hackers insecure.org
> Sent: 5/23/00 9:35 AM
> Subject: can/should
>
> As a new firewall admin I have a question for the white hats. I log
> port scans and do a whois to locate the ISP that owns the ip address.
> My question is what else can/should be done. I have no other reason to
> believe they got through or committed any crime. What else are you guys
> doing? I hope this is not too far off topic.
>
>
>
> Barry S. Hudson
> Network Systems Manager
> Fredericksburg Savings Bank
> www.fsbnk.com
> Business Email - bhudson fsbnk.com
> All Other Email - barryhudson compuserve.com
>
> This email is intended for the addressee only. The material may be
> privileged and confidential information. If you have received this
> email in error, please notify me immediately by email and delete the
> original. Thank you.
>
>
>
>
> --------------------------------------------------
> For help using this (nmap-hackers) mailing list, send a blank email to
> nmap-hackers-help insecure.org . List run by ezmlm-idx (www.ezmlm.org).