Ethical response to port scanners? - Page 2

Thread: Ethical response to port scanners?

  1. #11
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Ummm...........Whenever I get a port scan I usually just block the whole range, unless I know where it's coming from, like Kazaa, Anti-Online....etc.

  2. #12
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Since they own the IP segment, they are probably scanning for infected machines on their segment so they can notify infected users that their machines have been compromised.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  3. #13
    Senior Member
    Join Date
    Aug 2003
    Posts
    119

    I just lost all hope in cox....

    Ok I'll shorten it a great deal, but I got this in response from cox.....

    Cox.net/CoxCom, your cable Internet service provider, has
    received complaints from other users within the Internet
    community that your computer has been used to send
    unauthorized probes against their systems. These complaints
    contained logs of the network traffic showing the use of
    your CoxCom account to scan other computers via the
    Internet.

    "blah blah blah tells you what a system probe is, tells you to not do it again"

    The complete AUP can be found here:

    http://support.cox.net/custsup/polic...tableuse.shtml

    Thank you,
    Abuse and AUP Management
    Cox Communications Inc.


    *** NOTE TO SUBSCRIBER ***


    If you are not aware of this activity by anyone with direct access to your
    computer(s), then one or more of your computers may be compromised with one or
    more Trojan Viruses. There are a number of malicious 'remote access trojans'
    (RAT) that are frequently used to relay malicious activity through a victim's
    machine. We recommend you check any systems connected through your cable modem
    for such compromises. Update and run any Anti-virus program(s) you might
    have.

    Please note that common Anti-virus products may have considerable difficulty
    detecting and/or removing trojans because they often use legitimate software
    packages such as mIRC or Wingate. Please make efforts to ensure that any
    systems attached to the Cox HSI network are free of any viruses, worms, or
    trojans. In the event that you are running a wireless network, please be
    certain that it is secure and neighbors and/or strangers are not using your
    service without your knowledge. If necessary, please remove any suspect
    machines from the Cox network until the problems can be located and fixed. If
    you are unable to locate the source of this email, please have a professional
    investigate and clean the compromised system. We appreciate your help in
    resolving this matter.


    Please review the Cox HSI Acceptable Use Policy located at the following
    address:

    http://support.cox.net/custsup/polic...tableuse.shtml

    Some ways to protect yourself against future unauthorized access:

    1) Use a broadband gateway
    2) Manually run Windows Updates and Enable automatic Windows Updates by visiting http://windowsupdate.microsoft.com. (critical OS security patches)
    3) If MS Office suite is installed, regularly run MS Office updates by visiting http://office.microsoft.com/OfficeUpdate/default.aspx (Critical office security patches)
    4) Disable unnecessary services (web, ftp, mail servers)
    5) Consider using an additional software firewall with application protection
    to ensure only programs with permission speak on the network
    6) Disable automatic saving of attachments in Outlook express or Outlook
    7) Disable html in email
    8) Keep Instant messengers and other always-on services updated and patched
    9) Never run files from untrusted sources (peer-to-peer networks, Usenet, IRC,
    Web)
    10) Limit and monitor activity by minors using systems in household


    Sincerely,

    The Cox Customer Security Department



    --- The following material was provided to us as evidence ---


    [Part 0 (plain text)]

    I have attached the security logs from my firewall from what is no doubt an
    abusive user. My immediate reaction was to scan them in return, however I
    decided to cancel this route as it would not be preferred. Please let me know
    what can be done.
    X

    03/12/2004 02:43:32 Port Scan Minor Incoming TCP X.X.X.X 00-50-57-00-EF-5F
    my ip addy my mac addy thadbme PEREGRIN Normal 1 03/12/2004 02:43:32
    03/12/2004 02:43:32

    03/12/2004 02:43:26 Port Scan Minor Incoming TCP X.X.X.X 00-50-57-00-EF-5F
    my ip addy my mac addy thadbme PEREGRIN Normal 1 03/12/2004 02:43:26
    03/12/2004 02:43:26
    03/12/2004 02:43:23 Port Scan Minor Incoming TCP X.X.X.X 00-50-57-00-EF-5F
    my ip addy my mac addy thadbme PEREGRIN Normal 1 03/12/2004 02:43:23
    03/12/2004 02:43:23

    Ok sorry for the long post... but they use MY OWN EVIDENCE to say that I was the one attacking, not to mention I have the original logs. Opinions on this? This has almost upset me to the point of wanting another ISP, but unfortunately at this time I cannot switch. Thoughts??

  4. #14
    Junior Member
    Join Date
    Mar 2004
    Posts
    7
    It's quite possible that they have a program that reads the abuse mailbox, attempts to parse it and sends out notifications without ever having an actual human intervene. Maybe the auto abuse-mail-reader misinterpreted your logs, thinking that you were complaining about yourself. I've had this scenario happen several times with different ISPs and backbone providers. If you submit your request again, with some language indicating that you've already tried to submit it once but it was misinterpreted, they may read the log entries for what they actually are. Failing all that, you could give them a call.

    --Ben
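
How the misattribution suggested in post #14 could arise when the reporter and the scanner are customers of the same provider, as an added example (not part of the thread, and not Cox's actual tooling). The log layout, the RFC 5737 documentation addresses and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed: RFC 5737 documentation range standing in for an ISP customer block.
CUSTOMER_NET = ipaddress.ip_network("198.51.100.0/24")
REPORTER_IP = "198.51.100.20"  # constructed: the customer who filed the complaint

# Constructed complaint. Assumed columns: date, time, event, severity,
# direction, protocol, remote IP, local IP.
REPORT = """\
I have attached the security logs from my firewall.
03/12/2004 02:43:32 Port Scan Minor Incoming TCP 198.51.100.77 198.51.100.20
03/12/2004 02:43:26 Port Scan Minor Incoming TCP 198.51.100.77 198.51.100.20
03/12/2004 02:43:23 Port Scan Minor Incoming TCP 198.51.100.77 198.51.100.20
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LINE_RE = re.compile(
    r"^(?P<date>\d\d/\d\d/\d{4}) (?P<time>\d\d:\d\d:\d\d) (?P<event>.+?) "
    r"(?P<severity>\w+) (?P<direction>Incoming|Outgoing) (?P<proto>\w+) "
    r"(?P<remote>\S+) (?P<local>\S+)$"
)

def in_customer_net(addr):
    """True if addr parses as an IP inside the provider's customer block."""
    try:
        return ipaddress.ip_address(addr) in CUSTOMER_NET
    except ValueError:
        return False

def naive_offenders(report):
    """Weak approach: flag every customer address seen anywhere in the mail."""
    return {ip for ip in IP_RE.findall(report) if in_customer_net(ip)}

def role_aware_offenders(report, reporter_ip):
    """Count only the originating side of each event, never the reporter."""
    hits = Counter()
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # free text or an unknown layout: leave for a human
        # Incoming: the remote host originated the traffic. Outgoing: the local host.
        src = m["remote"] if m["direction"] == "Incoming" else m["local"]
        if src != reporter_ip and in_customer_net(src):
            hits[src] += 1
    return dict(hits)
```

On the constructed report, the naive pass flags both addresses, including the reporter's own, while the role-aware pass attributes all three events to the remote host only.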

  5. #15
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Call them and get a technical support 'specialist' or whatever the **** (I know those call centers are a nightmare) they are and try to be very nice and explain they made a boo-boo. As far as the scans from your ISP go, you can eat it or switch, it's their network and they are trying to keep it clean. If you can't take a portscan stay outta the internet.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  6. #16
    Senior Member
    Join Date
    Aug 2003
    Posts
    119
    I can handle the port scans, I'll assure you. The main reason I posted was to ask the question why the sudden increase. I think that I might have to call cox and complain or something.

    I think the autoparse response is probably correct. Anyways thanks for listening.

  7. #17
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    628
    If I'm not mistaken, port 5000 is the Universal Plug and Play port address....there is a tool at grc.com that can close it permanently if you don't need it.

    Ouroboros
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  8. #18
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    thadbme, when I file complaints with my cable provider I usually get a copy of the email. It strikes me that they've sent you a copy of the note they've sent to the "attacker". Before making an assumption, check to see if you were BCC'd. The fact that it's your own evidence would lead me to think that more than them accusing you of an "attack".
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #19
    Senior Member
    Join Date
    Aug 2003
    Posts
    119
    Negative, MsM. I'm in the To: category, on top of that they sanitized the other IP which was the real attacker, I only sanitized my IP and MAC address. I'm thinking it's going back to the auto parse theory. It doesn't appear to be a personalized email, rather just my information had been inserted.

  10. #20
    Banned
    Join Date
    Mar 2004
    Posts
    28

    Ethics?

    Are there ethics here? I believe you should set your firewall to block those ports and attempt to trace, as illegal hacks can be reported.
