[Dshield] Re: Scanning from 127.0.0.1

Father Peter Darin BDarin at tanaya.net
Fri Sep 26 05:24:09 GMT 2003


Hello, 

I generally don't get in the middle of these things, but this one beckons my 
attention. 

I have Qwest DSL and pay for the Office/Lan package.  Translation, I pay for 
the right to tell Qwest to keep their blooming hand OFF my packets.  Qwest 
and I have had several round-abouts over this discussing what their role 
should be as my provider.  Thankfully they agree it is NOT their job to 
police my server. 

When I got DSL, I was quite ignorant about it and the significant increase 
in security issues.  I will state this very simply, if a person is an 
internet user, then they have a responsibility to LEARN what must be done to 
keep THEIR property safe. 

(My Rant) If most M$ admins, including M$ did this, then the many rampant 
viruses out there simply would not get off the ground. 

It's high time that the internet ignorants take steps to open their eyes and 
realize that their computer is NOT the responsibility of someone else. 

Actually, there is a way, a simple survey from the provider asking very 
basic questions can determine whether the customer is capable of caring for 
their connection.  If the customer is not educated or (in most cases of my 
25 years of programming) too lazy to do what is right, CHARGE THEM A 
PROTECTION FEE.  If they refuse to take steps to protect their equipment and 
refuse to pay a protection fee and become infected, FINE THEM A PENALTY FEE 
and disconnect them until the problem is fixed. 

It's really that simple.  We that do take the right steps continue to use 
the internet with the resources available to us and those that do not do the 
right thing either leave or learn. 


Doug White writes: 

> Well rant on 
> 
> I can see no reason to look to ISPs to do filtering for you, when that action
> could block legitimate users of the ports in question. 
> 
> The ideal solution for local security has not yet been developed, perhaps you
> could work in that direction. 
> 
> As long as any group, whether they be admins or home users continues to point
> the finger somewhere besides where it belongs, the problems you complain of will
> never be solved. 
> 
> It is the end user who is ultimately responsible for securing their own
> computers. I do agree that ISPs should be more proactive in assisting them or
> at least requiring it would be a good idea. 
> 
> Now that millions of connections, and this figure is growing every day, have
> been deployed with all services defaulted to on, the ongoing changes being
> incorporated by the software publishers will have little effect, until and
> unless the end user incorporates the changes/patches that are developed and
> released. 
> 
> Advancing technology is how you are protecting yourself so far, and there is no
> way you can force the rest of the connected internet to incorporate   Nor can
> you summarily eliminate all those, who for whatever reason, seek out
> vulnerabilities and attempt to exploit them. 
> 
> Is this an inconvenience for the rest of us? Of course it is.  Is protecting
> ourselves expensive?  Of course it is. 
> 
> 
> ----- Original Message ----- 
> From: "Jon R. Kibler" <Jon.Kibler at aset.com>
> To: "General DShield Discussion List" <list at dshield.org>
> Sent: Thursday, September 25, 2003 7:35 PM
> Subject: Re: [Dshield] Scanning from 127.0.0.1 
> 
> 
> | It's simple: The remote IP is spoofed.
> |
> | As I said in my RANT on RBLs, if ISPs were to do even brain dead packet
> | filtering, we wouldn't have this problem.
> |
> | To answer your semi-question directly: Clearly, your ISP is ***NOT*** repeat
> | ***NOT*** doing their job properly. In fact, they are not even doing a half A-ed
> | job!
> |
> | Write the editor of your local paper and complain about how lame your ISP is
> | and how they are leaving you wide open to attack from virtually untraceable
> | sources.
> |
> | "The squeaky wheels get the grease."
> |
> | I am convinced that the only way that this group is ever going to have a
> | serious impact on network security (other than protecting our own rears) is if
> | we complain long and loud to the local media about every serious security breach
> | that would otherwise go unnoticed.
> |
> | We all need to become VERY NOISY squeaky wheels!
> |
> | Jon R. Kibler
> | A.S.E.T., Inc.
> | Charleston, SC  USA
> |
> |
> | Bruce & Roma wrote:
> | >
> | > Good Evening List;
> | >
> | > I have noticed some unusual scanning activity that was blocked by
> | > my personal firewall yesterday and today.
> | >
> | > Details as follows:
> | >
> | > 24/09/03 07:20:29 PM Inbound TCP to local port ="1092"  Remote Port="80"
> | > Remote IP="127.0.0.1" Action Prevented
> | >
> | > 24/09/03 07:22:14 PM Inbound TCP to local port ="1307"  Remote Port="80"
> | > Remote IP="127.0.0.1" Action Prevented
> | >
> | > 25/09/03 07:21:57 PM Inbound TCP to local port ="1680" Remote Port="80"
> | > Remote IP="127.0.0.1" Action Prevented
> | >
> | > What I do not understand is how this was ever routed, especially if
> | > my ISP is doing its job properly.
> | >
> | > Since CvtWin filters these types of scans these were not reported in my
> | > daily  scan submission.
> | >
> | > Has anyone else encountered something similar lately?  Although possibly
> | > just a coincidence,
> | > all instances I've encountered have been during the same time frame (just
> | > after 7:20PM), yesterday and today.
> | >
> | > Thanks.
> | >
> | > Bruce
> | >
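Added example, not part of the original thread: a check over the firewall log format quoted above that flags inbound entries whose source address (loopback, RFC 1918 and similar ranges) should never arrive from the Internet, which is the kind of packet filtering the quoted reply says is missing. The regex, the `MARTIANS` list and the last two log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# First two lines are copied from the report quoted above (wrapped lines
# rejoined); the last two are constructed for contrast. 198.51.100.7 is a
# documentation address standing in for an ordinary routable host.
SAMPLE_LOG = """\
24/09/03 07:20:29 PM Inbound TCP to local port ="1092"  Remote Port="80" Remote IP="127.0.0.1" Action Prevented
25/09/03 07:21:57 PM Inbound TCP to local port ="1680" Remote Port="80" Remote IP="127.0.0.1" Action Prevented
25/09/03 07:30:02 PM Inbound TCP to local port ="135" Remote Port="4021" Remote IP="198.51.100.7" Action Prevented
25/09/03 07:31:10 PM Inbound TCP to local port ="445" Remote Port="3312" Remote IP="10.1.2.3" Action Prevented
"""

# Assumed pattern for this personal-firewall log format (inferred from the sample).
ENTRY = re.compile(
    r'(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d [AP]M) Inbound (?P<proto>\w+) '
    r'to local port\s*="(?P<lport>\d+)"\s+Remote Port="(?P<rport>\d+)"\s+'
    r'Remote IP="(?P<rip>[^"]+)"'
)

# Source ranges that should never appear on packets arriving from the Internet.
MARTIANS = [(ipaddress.ip_network(n), why) for n, why in [
    ("0.0.0.0/8", "this-network"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "reserved"),
]]

def martian_sources(log_text):
    """Return (timestamp, remote_ip, remote_port, reason) per suspicious entry."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["rip"])
        except ValueError:
            continue  # malformed address field; skip rather than guess
        reason = next((why for net, why in MARTIANS if addr in net), None)
        if reason:
            hits.append((m["ts"], str(addr), int(m["rport"]), reason))
    return hits

if __name__ == "__main__":
    for hit in martian_sources(SAMPLE_LOG):
        print(*hit, sep="  ")
```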



