«

"Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
Port scan detected from address 206.204.10.200.
Blocked further access for 30 minutes after detecting at
least 6 ports being probed."

Is there a way I can report abouse for this?

It appears that I must report abuse to:


but that address is invalid - I believe.

So what can I do?
--
main(){char s[37]="CSbwjAjocpy/mw!PS!sbwjAeftqbnnfe/dpn";
int i;for(i=0;i<36;putchar(s[i++]-1));return 0;}

On Tue, 23 Dec 2003 00:09:02 +0530, Ravi wrote:
> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> Port scan detected from address 206.204.10.200.
> Blocked further access for 30 minutes after detecting at
> least 6 ports being probed."
>
> Is there a way I can report abouse for this?
>
> It appears that I must report abuse to:
>
>
> but that address is invalid - I believe.
>
> So what can I do?

Let's see,
host 206.204.10.200
200.10.204.206.in-addr.arpa domain name pointer security.symantec.com.

Hmm, belongs to symantec.com

I bet there may be a Contact Us in their web page http://symantec.com/

In article <>,
says...
> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> Port scan detected from address 206.204.10.200.
> Blocked further access for 30 minutes after detecting at
> least 6 ports being probed."
>
> Is there a way I can report abouse for this?
>
> It appears that I must report abuse to:
>
>
> but that address is invalid - I believe.
>
> So what can I do?
>


abuse?

it's not illegal to port scan. get over it.

# nslookup 206.204.10.200

Name: security.symantec.com
Address: 206.204.10.200



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

"Colonel Flagg" <> wrote in
message news:.. .
> In article <>,
> says...
> > "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> > Port scan detected from address 206.204.10.200.
> > Blocked further access for 30 minutes after detecting at
> > least 6 ports being probed."
> >
> > Is there a way I can report abouse for this?
> >
> > It appears that I must report abuse to:
> >
> >
> > but that address is invalid - I believe.
> >
> > So what can I do?
> >
>
>
> abuse?
>
> it's not illegal to port scan. get over it.
>
> # nslookup 206.204.10.200
>
> Name: security.symantec.com
> Address: 206.204.10.200
>
>
>
> --
> Colonel Flagg
> http://www.internetwarzone.org/
>

heh i got busted once for portscanning

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

"Colonel Flagg" <> wrote in
message news:.. .
> In article <>,
> says...
> > "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> > Port scan detected from address 206.204.10.200.
> > Blocked further access for 30 minutes after detecting at
> > least 6 ports being probed."
> >
> > Is there a way I can report abouse for this?
> >
> > It appears that I must report abuse to:
> >
> >
> > but that address is invalid - I believe.
> >
> > So what can I do?
>
> abuse?
>
> it's not illegal to port scan. get over it.
>
> # nslookup 206.204.10.200
>
> Name: security.symantec.com
> Address: 206.204.10.200

Ahem. Depends on where you're scanning from.

IIRC, you can get prosecuted for using too-strong encryption in France, or
for saving POP IP addresses in Germany.. in the UK it *will* get your
account pulled (assuming that the AUP team have been injected with that
yellow stuff that they used in /Reanimator/)

To the OP: read comments, think about said comments, learn.. it's a good
order to do things ;o)

H1K

On Mon, 22 Dec 2003 15:41:01 -0500, Colonel Flagg wrote:

> it's not illegal to port scan. get over it.

http://theregister.co.uk/content/55/31220.html

Just a few state selections. You read with the lawyer hat on,
which means, as it is written.

http://www.capitol.state.tx.us/statu...ml#pe001.33.01
Read 33.01. Definition (1) "Access"
33.02. Breach of Computer Security (a)

http://www.umpqua.cc.or.us/policy/oregon-law.htm
Read 1 (a) then (4)

Ravi wrote:
> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> Port scan detected from address 206.204.10.200.
> Blocked further access for 30 minutes after detecting at
> least 6 ports being probed."
>
> Is there a way I can report abouse for this?
>
You can try the myNetWatchman service (http://www.mynetwatchman.com) to
automatically report scans. They consolidate reports from a number of users
and screen them so that only the signficant ones are actually reported. I
use it with logging from a hardware firewall and a cable modem, but it will
also work with logs from various software firewalls. I don't know if it is
practical with a dial-up modem.

Colonel Flagg wrote:

>>Port scan detected from address 206.204.10.200.
>>Blocked further access for 30 minutes after detecting at
>>least 6 ports being probed."
>>
>>Is there a way I can report abouse for this?

>>So what can I do?

> abuse?
>
> it's not illegal to port scan. get over it.

Welcome to the Internet. I get scanned a number of times a day, and scan
anyone connecting to my machine in a suspicious manner. I've got a
database of all the scans using NLog, so big I had to install mySQL just
to keep them straight. No one's ever said a word to me. And besides,
there's always _passive_ scanning and icmp-based scanning

Most ISP's, when contacted, do nothing about real break-in attempts, let
alone a mesley portscan. And then there's legit uses too- IRCd's
routinely portscan 23, 80, 8080, 3168 looking for open proxies. If
you're auto-blocking them, and the scan-site has the same IP as the host
site, you will be blocking your users from using IRC at all (which you
may or may not want to do). In short, unless it becomes a pattern form
the same IP# over and over, let it slide .


--

=-=-=.DISTRIBUTION|PROGRAMMING|RESEARCH|PORTAL|:.-=-=
[jayjwa] RLF#37 Raq glenaal: Nffnfvangr Ovyy Tngrf
[Atr2 Labs] Jvaqbjf vf n qvfrnfr
Finger for proj. "Putting encryption to good use."
=Linux Tough.Powered By Slackware=-HTTPS|FTP|SILC|SSH-=

I was happily strolling along my merry little way in alt.computer.security,
when I looked down and saw a little note from Ravi on Mon 22 Dec 2003
01:51:02p who wrote:

> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
> Port scan detected from address 206.204.10.200.
> Blocked further access for 30 minutes after detecting at
> least 6 ports being probed."
>
> Is there a way I can report abouse for this?
>
> It appears that I must report abuse to:
>
>
> but that address is invalid - I believe.
>
> So what can I do?

A port scan does not constitue hostile activity. is could be anything. If you
can prove that there is a pattern to the scan that indicates that they are
trying to get in, then.....

most hack attempts are preempted by multiple reconnisance activity that has a
discernable pattern. a passive host based IDS can log that information for
you.

--
Rowdy Yates
MCSE, Security+
(working on a CISSP and lovin' it!)

On Mon, 22 Dec 2003 19:00:47 GMT, Bit Twister
<> wrote:

>On Tue, 23 Dec 2003 00:09:02 +0530, Ravi wrote:
>> "Date: 22/12/2003 Time: 22:52:16 (GMT +5:30)
>> Port scan detected from address 206.204.10.200.
>> Blocked further access for 30 minutes after detecting at
>> least 6 ports being probed."
>>
>> Is there a way I can report abouse for this?
>>
>> It appears that I must report abuse to:
>>
>>
>> but that address is invalid - I believe.
>>
>> So what can I do?
>
>Let's see,
>host 206.204.10.200
>200.10.204.206.in-addr.arpa domain name pointer security.symantec.com.
>
>Hmm, belongs to symantec.com
>
>I bet there may be a Contact Us in their web page http://symantec.com/

If that is correct then my mistake!
I actually asked them to scan my ports using their security
check site.

But then is not the abuse address that I wrote correct?

TIA.

--
main(){char s[37]="CSbwjAjocpy/mw!PS!sbwjAeftqbnnfe/dpn";
int i;for(i=0;i<36;putchar(s[i++]-1));return 0;}