Port scan attempts
"Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
Port scan detected from address 206.204.10.200. Blocked further access for 30 minutes after detecting at least 6 ports being probed."

Is there a way I can report abuse for this?

It appears that I must report abuse to: abuse@conxion.net

but that address is invalid - I believe.

So what can I do?

--
main(){char s[37]="CSbwjAjocpy/mw!PS!sbwjAeftqbnnfe/dpn"; int i;for(i=0;i<36;putchar(s[i++]-1));return 0;}
Re: Port scan attempts
On Tue, 23 Dec 2003 00:09:02 +0530, Ravi wrote:
> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> Port scan detected from address 206.204.10.200.
> Blocked further access for 30 minutes after detecting at
> least 6 ports being probed."
>
> Is there a way I can report abuse for this?
>
> It appears that I must report abuse to:
> abuse@conxion.net
>
> but that address is invalid - I believe.
>
> So what can I do?

Let's see,
host 206.204.10.200
200.10.204.206.in-addr.arpa domain name pointer security.symantec.com.

Hmm, belongs to symantec.com

I bet there may be a Contact Us in their web page http://symantec.com/
Re: Port scan attempts
In article <tdeeuvspog49uonkgpi7id2cc8i2tcq3qs@4ax.com>,
ravi@despammed.com says...
> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> Port scan detected from address 206.204.10.200.
> Blocked further access for 30 minutes after detecting at
> least 6 ports being probed."
>
> Is there a way I can report abuse for this?
>
> It appears that I must report abuse to:
> abuse@conxion.net
>
> but that address is invalid - I believe.
>
> So what can I do?
>

abuse?

it's not illegal to port scan. get over it.

# nslookup 206.204.10.200

Name: security.symantec.com
Address: 206.204.10.200

--
Colonel Flagg
http://www.internetwarzone.org/
Privacy at a click: http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."

"...I see stupid people."
Re: Port scan attempts
"Colonel Flagg" <colonel_flagg@NOSOUPFORJ00internetwarzone.org> wrote in
message news:MPG.1a5120edde30b985989c21@news.charter.net...
> In article <tdeeuvspog49uonkgpi7id2cc8i2tcq3qs@4ax.com>,
> ravi@despammed.com says...
> > "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> > Port scan detected from address 206.204.10.200.
> > Blocked further access for 30 minutes after detecting at
> > least 6 ports being probed."
> >
> > Is there a way I can report abuse for this?
> >
> > It appears that I must report abuse to:
> > abuse@conxion.net
> >
> > but that address is invalid - I believe.
> >
> > So what can I do?
> >
>
> abuse?
>
> it's not illegal to port scan. get over it.
>
> # nslookup 206.204.10.200
>
> Name: security.symantec.com
> Address: 206.204.10.200
>
> --
> Colonel Flagg
> http://www.internetwarzone.org/
>

heh i got busted once for portscanning :(

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary, and those that don't."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, it blows away your whole leg"
Re: Port scan attempts
"Colonel Flagg" <colonel_flagg@NOSOUPFORJ00internetwarzone.org> wrote in
message news:MPG.1a5120edde30b985989c21@news.charter.net...
> In article <tdeeuvspog49uonkgpi7id2cc8i2tcq3qs@4ax.com>,
> ravi@despammed.com says...
> > "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> > Port scan detected from address 206.204.10.200.
> > Blocked further access for 30 minutes after detecting at
> > least 6 ports being probed."
> >
> > Is there a way I can report abuse for this?
> >
> > It appears that I must report abuse to:
> > abuse@conxion.net
> >
> > but that address is invalid - I believe.
> >
> > So what can I do?
>
> abuse?
>
> it's not illegal to port scan. get over it.
>
> # nslookup 206.204.10.200
>
> Name: security.symantec.com
> Address: 206.204.10.200

Ahem. Depends on where you're scanning from. IIRC, you can get prosecuted for using too-strong encryption in France, or for saving POP IP addresses in Germany.. in the UK it *will* get your account pulled (assuming that the AUP team have been injected with that yellow stuff that they used in /Reanimator/)

To the OP: read comments, think about said comments, learn.. it's a good order to do things ;o)

H1K
Re: Port scan attempts
On Mon, 22 Dec 2003 15:41:01 -0500, Colonel Flagg wrote:
> it's not illegal to port scan. get over it.

http://theregister.co.uk/content/55/31220.html

Just a few state selections. You read with the lawyer hat on, which means, as it is written.

http://www.capitol.state.tx.us/statu...ml#pe001.33.01
Read
33.01. Definition (1) "Access"
33.02. Breach of Computer Security (a)

http://www.umpqua.cc.or.us/policy/oregon-law.htm
Read 1 (a) then (4)
Re: Port scan attempts
Ravi wrote:
> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> Port scan detected from address 206.204.10.200.
> Blocked further access for 30 minutes after detecting at
> least 6 ports being probed."
>
> Is there a way I can report abuse for this?
>

You can try the myNetWatchman service (http://www.mynetwatchman.com) to automatically report scans. They consolidate reports from a number of users and screen them so that only the significant ones are actually reported.

I use it with logging from a hardware firewall and a cable modem, but it will also work with logs from various software firewalls. I don't know if it is practical with a dial-up modem.
Re: Port scan attempts
Colonel Flagg wrote:
>>Port scan detected from address 206.204.10.200.
>>Blocked further access for 30 minutes after detecting at
>>least 6 ports being probed."
>>
>>Is there a way I can report abuse for this?
>>So what can I do?
> abuse?
>
> it's not illegal to port scan. get over it.

Welcome to the Internet. I get scanned a number of times a day, and scan anyone connecting to my machine in a suspicious manner. I've got a database of all the scans using NLog, so big I had to install mySQL just to keep them straight. No one's ever said a word to me. And besides, there's always _passive_ scanning and icmp-based scanning ;)

Most ISP's, when contacted, do nothing about real break-in attempts, let alone a measly portscan. And then there's legit uses too- IRCd's routinely portscan 23, 80, 8080, 3168 looking for open proxies. If you're auto-blocking them, and the scan-site has the same IP as the host site, you will be blocking your users from using IRC at all (which you may or may not want to do).

In short, unless it becomes a pattern from the same IP# over and over, let it slide.

--
=-=-=.:|DISTRIBUTION|PROGRAMMING|RESEARCH|PORTAL|:.-=-=
[jayjwa] RLF#37 Raq glenaal: Nffnfvangr Ovyy Tngrf
[Atr2 Labs] Jvaqbjf vf n qvfrnfr
Finger for proj. "Putting encryption to good use."
=Linux Tough.Powered By Slackware=-HTTPS|FTP|SILC|SSH-=
Re: Port scan attempts
I was happily strolling along my merry little way in alt.computer.security,
when I looked down and saw a little note from Ravi on Mon 22 Dec 2003 01:51:02p who wrote:
> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> Port scan detected from address 206.204.10.200.
> Blocked further access for 30 minutes after detecting at
> least 6 ports being probed."
>
> Is there a way I can report abuse for this?
>
> It appears that I must report abuse to:
> abuse@conxion.net
>
> but that address is invalid - I believe.
>
> So what can I do?

A port scan does not constitute hostile activity. It could be anything. If you can prove that there is a pattern to the scan that indicates that they are trying to get in, then..... most hack attempts are preempted by multiple reconnaissance activity that has a discernable pattern. A passive host based IDS can log that information for you.

--
Rowdy Yates
MCSE, Security+
(working on a CISSP and lovin' it!)
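
The block rule quoted in the original alert (at least 6 ports probed, blocked for 30 minutes), combined with the point made in the replies that only a repeating pattern from one address deserves attention, sketched as an added example that is not part of any post in this thread. The 60-second window, the repeat threshold of 2, the allowlist for a scanner the user asked for, and all events and addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

PORT_THRESHOLD = 6                 # from the alert: "at least 6 ports being probed"
BLOCK_FOR = timedelta(minutes=30)  # from the alert: blocked "for 30 minutes"
WINDOW = timedelta(seconds=60)     # assumption: the alert does not state a time window
REPEAT_BLOCKS = 2                  # assumption: blocks per source that count as a pattern

def burst(start, src, ports):
    """Constructed sample data: one probe per second from src, as (time, src, port)."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + timedelta(seconds=i), src, p) for i, p in enumerate(ports)]

# Constructed events; source addresses are from the documentation ranges.
SAMPLE = (
    burst("2003-12-22T22:52:10", "198.51.100.7", [21, 22, 23, 25, 80, 110, 443])
    + burst("2003-12-22T23:40:00", "198.51.100.7", [21, 22, 23, 25, 80, 110])
    + burst("2003-12-22T22:55:00", "203.0.113.20", [23, 80, 8080, 3168])  # IRC proxy check
    + burst("2003-12-22T23:00:00", "192.0.2.200", range(1, 11))  # scan the user asked for
)

def detect(events, allowlist=frozenset()):
    """Return (blocks, repeat_offenders) for time-stamped probe events."""
    recent = defaultdict(list)  # src -> [(time, port)] seen inside WINDOW
    blocked_until = {}          # src -> time the current block expires
    blocks = []                 # (src, time the block started)
    for ts, src, port in sorted(events):
        if src in allowlist:
            continue            # scanner the operator requested: never blocked
        if ts < blocked_until.get(src, datetime.min):
            continue            # already blocked: probe is dropped, not counted
        recent[src] = [(t, p) for t, p in recent[src] if ts - t <= WINDOW]
        recent[src].append((ts, port))
        if len({p for _, p in recent[src]}) >= PORT_THRESHOLD:
            blocked_until[src] = ts + BLOCK_FOR
            blocks.append((src, ts))
            recent[src] = []
    per_source = Counter(src for src, _ in blocks)
    repeat = sorted(s for s, n in per_source.items() if n >= REPEAT_BLOCKS)
    return blocks, repeat

if __name__ == "__main__":
    for allow in (frozenset(), frozenset({"192.0.2.200"})):
        blocks, repeat = detect(SAMPLE, allow)
        print("allowlist:", sorted(allow))
        for src, ts in blocks:
            print(f"  block {src} at {ts:%H:%M:%S} until {ts + BLOCK_FOR:%H:%M:%S}")
        print("  repeat offenders:", repeat)
```

The four-port proxy check stays under the threshold and is never blocked, while the requested ten-port scan is blocked unless its source is allowlisted.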
Re: Port scan attempts
On Mon, 22 Dec 2003 19:00:47 GMT, Bit Twister
<BitTwister@localhost.localdomain> wrote:
>On Tue, 23 Dec 2003 00:09:02 +0530, Ravi wrote:
>> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
>> Port scan detected from address 206.204.10.200.
>> Blocked further access for 30 minutes after detecting at
>> least 6 ports being probed."
>>
>> Is there a way I can report abuse for this?
>>
>> It appears that I must report abuse to:
>> abuse@conxion.net
>>
>> but that address is invalid - I believe.
>>
>> So what can I do?
>
>Let's see,
>host 206.204.10.200
>200.10.204.206.in-addr.arpa domain name pointer security.symantec.com.
>
>Hmm, belongs to symantec.com
>
>I bet there may be a Contact Us in their web page http://symantec.com/

If that is correct then my mistake! I actually asked them to scan my ports using their security check site.

But then is not the abuse address that I wrote correct?

TIA.

--
main(){char s[37]="CSbwjAjocpy/mw!PS!sbwjAeftqbnnfe/dpn"; int i;for(i=0;i<36;putchar(s[i++]-1));return 0;}