[Dshield] Scanning from

Doug White doug at clickdoug.com
Fri Sep 26 02:18:18 GMT 2003

Well rant on

I can see no reason to look to ISPs to do filtering for you, when that action
could block legitimate users of the ports in question.

The ideal solution for local security has not yet been developed, perhaps you
could work in that direction.

As long as any group, whether then be admins or home users continues to point
the finger somewhere besides where it belongs, the problems you complain of will
never be solved.

It is the end user who is ultimately responsible for securing their own
computers., I do agree that ISPs should be more proactive is assisting them or
at least requiring it would be a good idea.

Now that millions of connections, and this figure is growing every day, have
been deployed with all services defaulted to on, the ongoing changes being
incorporated by the software publishers will have little effect, until and
unless the end user incorporates the changes/patches that are developed and

Advancing technology is how you are protecting yourself so far, and there is no
way you can force the rest of the connected internet to incorporate   Nor can
you summarily eliminate all those, who for whatever reason, seek out
vulnerabilities and attempt to exploit them.

Is this an inconvenience for the rest of us? of course it is.  Is protecting
ourselves expensive?  Of course it is.

Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "Jon R. Kibler" <Jon.Kibler at aset.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, September 25, 2003 7:35 PM
Subject: Re: [Dshield] Scanning from

| Its simple: The remote IP is spoofed.
| As I said in my RANT on RBLs, if ISPs were to do even brain dead packet
filtering, we wouldn't have this problem.
| To answer your semi-question directly: Clearly, your ISP is ***NOT*** repeat
***NOT*** doing their job properly. In fact, they are not even doing a half A-ed
| Write the editor of your local paper and complain about how lame your ISP is
and how they are leaving you wide open to attack from virtually untraceable
| "The squeaky wheels get the grease."
| I am convinced that they only way that this group is ever going to have a
serious impact on network security (other than protecting our own rears) is if
we complain long and loud to the local media about every serious security breech
that would otherwise go unnoticed.
| We all need to become VERY NOISY squeaky wheels!
| Jon R. Kibler
| A.S.E.T., Inc.
| Charleston, SC  USA
| Bruce & Roma wrote:
| >
| > Good Evening List;
| >
| > I have noticed some unusual scanning activity that was blocked by
| > my personal firewall yesterday and today.
| >
| > Details as follows:
| >
| > 24/09/03 07:20:29 PM Inbound TCP to local port ="1092"  Remote Port="80"
| > Remote IP="" Action Prevented
| >
| > 24/09/03 07:22:14 PM Inbound TCP to local port ="1307"  Remote Port="80"
| > Remote IP="" Action Prevented
| >
| > 25/09/03 07:21:57 PM Inbound TCP to local port ="1680" Remote Port="80"
| > Remote IP="" Action Prevented
| >
| > What I do not understand is how this was ever routed, especially if
| > my ISP is doing it's job properly.
| >
| > Since CvtWin filters these types of scans these were not reported in my
| > daily  scan submission.
| >
| > Has anyone else encountered something similar lately?  Although possibly
| > just a coincidence,
| > all instances I've encountered have been during the same time frame (just
| > after 7:20PM), yesterday and today.
| >
| > Thanks.
| >
| > Bruce
| >
| ==================================================
| Filtered by: TRUSTEM.COM's Email Filtering Service
| http://www.trustem.com/
| No Spam. No Viruses. Just Good Clean Email.


| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:

More information about the list mailing list