[Dshield] Re: security.scan.sec.rr.com

John Groseclose iain at caradoc.org
Wed Jun 18 18:32:57 GMT 2003

Coxe, John B. writes: 

> The idiots who don't know how to configure/secure/patch/monitor a service
> are going to ultimately spoil it for others on those ISPs who are
> responsible and actually frequently provide a service to their communities
> identifying threats.  I also wonder how many folks get nailed as running
> exploitable systems when they have honeypots set up which, naturally, do
> look like such.

That would be the exact reason I quit running FakeBO. I got lots of 
"helpful" information from various service providers who scanned me, despite 
having no contact with them at all. 

In at least one memorable case, the FakeBO log indicated an attempt to pop 
up an advertisement for an "Internet Security" consultant. After a short 
conference call between myself, his ISP, their "security" personnel, and the 
consultant in question, I believe the consensus from most parties was that 
if he chose to continue that behavior, his ISP would terminate his account 
with prejudice. 

