[Dshield] Why???

KeithTarrant KeithTarrant at spamcop.net
Thu Oct 3 21:33:14 GMT 2002


I wonder why those with a slack view on computer security hang out
in computer security areas.

Some ISPs don't want to be told of port scanning because it makes them
aware their customers either have a security problem or are creating a
security problem.

So long as they aren't aware they don't have an obligation to pass on the
info.  Once aware they have to make an attempt or face potential liability
issues.

As I noted earlier, most  ISPs have other more positive motivations.

In the vast majority of cases port scanning (80, 137, 139) is not someone
up to mischief.  Rather it is a customer with a worm.

In those cases prosecution doesn't enter into it -- the scanner is a
victim.

It is being  community minded and letting Internet newbies know
they have a problem and all those concerns they had about their
information not being
encrypted and secure are, until they fix their machine, well founded.

Even sub 7 scanning and FTP server scanning is often done from zombies.

While the average traffic from scanning is small compared with P2P
filesharing, the peak loads from outbreaks can be considerable, and the
money has to be spent so that facilities can handle those peak loads.

Also, attacks can shut down equipment, making redundant equipment
necessary.

And safeguards can increase the overhead of every packet transmitted (with
increased internal processing), increasing the amount of resources needed
for P2P filesharing or anything else.








More information about the list mailing list