Printable View
I wish that Port Scans are really illegal.....
My servers get scanned every now and then
when they break through my ISP's IDS system
Most law enforcement in my area is totally clueless
and every time they go after a Internet Bad Guy
it gets thrown out for one reason or another....
Usually they go after a Kiddie Porn Problem
and usually do pretty good on that.
But I will say they did nail that Buffalo Spammer
which is not that far from me.....
Maby you can disable the port scanner for no dead ports and what port scanner are you using because some just do not work at all and who are you scaning? Yourself?
That could be a bit of a "worrier". I scan computers quite regularly. Why? Because I want to know their "stance" as a result of suspicious activity from them in the first place. It is almost always an unsolicited contact on their behalf though I have had occasions where one of my workstations contacted them sometime recently and the activity followed either right away or soon after. I do it for a good reason. If the box shows me a bunch of open ports it's probably compromised. If I can then make some kind of connection, (anon ftp, wierd http etc.), then it goes straight on my blocked list.Quote:
but as VictorKaum pointed out some legislations might try to show that a port scan is a certain warning for a future intrusion attempt.
On the bright side I can show all the contacts between me and it, I can show they pre-empted the conversation, that I scanned, was suspicious, connected and left.
Aren't log files just the "Bee's Knees"? :D
In the case of a sysadmin I guess it's not as likely for the authorities to be too picky, especially if you have logs on your side. As a security professional it would be your job to ensure the safety of your network. But before you alert the powers that be about possible illegal activities you need to make sure that's the case[so you don't call the FBI or ISPs everyday].
But a random computer scanning successive ranges does trigger some suspicion.
I have superscan 3.0, do you think that's a good port scanner? I know there is now a superscan 4.0 but I'm to lazy to upgrade lol :p .
nothing is wrong body maby your port scanner is broken
Please correct me if I'm wrong...Quote:
Originally posted here by Tiger Shark
On the bright side I can show all the contacts between me and it, I can show they pre-empted the conversation, that I scanned, was suspicious, connected and left.
Aren't log files just the "Bee's Knees"? :D
Wouldn't it be very easy to fabricate some log files? In which, case you would need the log files from the other end of the "Conversation," to coroborate (sp?) your story to the investigating authorities! If the machine you connected to really is compromised the owner will, most likely, not have a clue about log files - so you're safe. If, however, the machine is not compromised what are the chances of the complaining owner deleting or doctoring his log files?
Hmmmm.....
well i agree with simon it is very very easy to fabricate, once they authorites cathch you it'll be hard to prove thatyou are innocent.
complications,complications .
my advice to you be care ful using that tool
You can fabricate log files, but you cannot fabricate the log files on your ISP [unless you decide you're able to hack into their network and change stuff around]. Usually your log files will indicate a certain activity, and the ISP can confirm or infirm [to the authorities] that what you're saying is true, based on their logs.Quote:
Originally posted here by Simple Simon
Please correct me if I'm wrong...
Wouldn't it be very easy to fabricate some log files? In which, case you would need the log files from the other end of the "Conversation," to coroborate (sp?) your story to the investigating authorities! If the machine you connected to really is compromised the owner will, most likely, not have a clue about log files - so you're safe. If, however, the machine is not compromised what are the chances of the complaining owner deleting or doctoring his log files?
Hmmmm.....
I'm not sure of what you mean by safe... do you mean as an attacker you're safe? Because that wouldn't be the case, I mean it's enough for them to complain to respective authorities and his ISP would dig up some logs and so on so forth.
I get port scanned every couple of days. I automatically whosit the addy and send an email to the abuse address that is in that solution.
The benifit of this, is very seldom have I ever been scanned more than once from the same block of addresses. The one time when, I did get scanned multiple times from the same IP block, I got a note from their abuse people saying that the offender was removed from their service.