RE: port scan detected

  • From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 22 Aug 2003 08:42:09 +0200

Hi Joseph

Seeing as you're now protected from all sorts of evil, I'm sure your SQL
Import Scripts are getting some seriously undivided attention... :)

William

-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx] 
Sent: 22 August 2003 08:37 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected

http://www.ISAserver.org


Hi Thomas,

I'm a beleiver in piracetam. Does wonders for my concentration! And with
the right/wrong music combination
I can get all the psychtronic stimulation I need! Now just to continue
waring my tin hat!

Joseph

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, August 21, 2003 4:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected


http://www.ISAserver.org


Sorry, that's psychtronic. Psychotropic is an entirely different matter
;-)

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Thomas W Shinder 
Sent: Thursday, August 21, 2003 6:34 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected


http://www.ISAserver.org


Hi Joseph,

If I had that much tinfoil I would never have to worry about
psychotropic manipulation again!

http://c2.com/cgi/wiki?TinFoilHat

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx] 
Sent: Wednesday, August 20, 2003 2:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected


http://www.ISAserver.org


If I only had a package of foil every time someone said that!

-----Original Message-----
From: Mark Hopkins [mailto:Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, August 20, 2003 8:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected


http://www.ISAserver.org



Tom,

 

Interesting thing happened today. After creating a packet filter to
block an IP, two days ago, he port scanned me again this morning. Can
you explain this? Thanks.

 

Mark

 

  _____  

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, August 19, 2003 4:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected

 

http://www.ISAserver.org

Hi Mark,

 

Sure. Human eyes must evaluate the nature of the attack, and human eyes
must evaluate the source location.

 

For example, if the "attack" if some a DNS timeout issue with your DNS
server, do you want to block that?

 

Another example, if the "attack" is from another admin testing his
"skills" from home, do you want to block that?

 

Another example, the IDS is misconfigured, do you want to block what it
says?

 

Another example, a legit host is infected and cleaned. Now that host is
blocked. Do you want to block that and then deal with connectivity
issues when you forgot about your blocking filters or try to fish out
the blocked host address from the thousands you your list?

 

Harden your hosts, use Application and Web filters, never publish a Web
site using an IP address, all the basic stuff. That's a lot more
effective than blocking addresses willy nilly. 

 

YMMV,

Tom

 

Thomas W Shinder

www.isaserver.org/shinder <http://www.isaserver.org/shinder>  

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp> 

 

        -----Original Message-----
        From: Mark Hopkins [mailto:Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx] 
        Sent: Tuesday, August 19, 2003 2:13 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: port scan detected

        http://www.ISAserver.org

        Tom,

         

        Could you elaborate on this "intelligent address blocking"?
Thanks.

         

        Mark

         

        
  _____  


        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: Tuesday, August 19, 2003 1:59 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: port scan detected

         

        http://www.ISAserver.org

        Ni Brian,

         

        Nor should you. Blocking addresses that scan you is like
shooting at cars that drive past your home and look at your windows and
front door. :-) Be aware of the attempt, but you'll end up making a
critical error sooner or later if you block addresses without putting
some intelligence behind the block.

         

        HTH,

        Tom

         

        Thomas W Shinder

        www.isaserver.org/shinder <http://www.isaserver.org/shinder>  

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mark.hopkins@xxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub') 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official 
business of Columbus Stainless is proprietary to the company. It is 
confidential, legally privileged and protected by law. Columbus 
Stainless does not own and endorse any other content. Views and 
opinions are those of the sender unless clearly stated as being that 
of Columbus Stainless. The person addressed in the e-mail is the sole 
authorised recipient.  Please notify the sender immediately if it has 
unintentionally reached you and do not read, disclose or use the 
content in any way. Whilst all reasonable steps are taken to ensure 
the accuracy and integrity of information and data transmitted 
electronically and to preserve the confidentiality thereof, no 
liability or responsibility whatsoever is accepted if information or 
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------


Other related posts: