Date: Fri, 21 Jul 2006 11:43:26 +0200 From: Clemens Renner <claim@rinux.net> To: Nash Nipples <trashy_bumper@yahoo.com> Cc: freebsd-security@freebsd.org Subject: Re: Port scan from Apache? Message-ID: <44C0A1BE.4050500@rinux.net> In-Reply-To: <20060721082531.51373.qmail@web36313.mail.mud.yahoo.com> References: <20060721082531.51373.qmail@web36313.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Nash, I'm not sure I really understand what you're up to. In any case, let me clarify that my whole intention was to get a better understanding of what had happened there. In the end, I don't want my server to produce alarms at other people's sites. I tried to find the cause of the problem on my side and couldn't, thus I suggested a working hypothesis to the complaining (yes he was complaining) admin. So my question which you cited below was really about the criteria that need to be met for the NetScreen hw/sw to classify something as a port scan. Pure diagnostic information. As I mentioned earlier, the admin hasn't contacted me since I posted my hypothesis with the web mailer which I don't quite like either because I'd prefer a message that says "It's alright, it wasn't your fault." or "We still don't know what's wrong. Can you investigate further using this pile of low-level details?" Of course I'd prefer the first one since it means less work for me but the second one would also be fine with me. And on a last note: I didn't mean to be sneaky, I just wanted some advice as to the origins since I thought I might have missed something. For that, this list seemed appropriate to me. Best wishes Clemens Nash Nipples wrote: > i believe that people who deployed netscreen are quite sure in what > they are doing and a friendly notice should not sound like a > complaint to u but instead become a solid ground to understanding > what could go wrong. Ofcourse if they proudly told you that they ARE > using the netscreen. Peeking on log entries provided to u and > announcing it on public doesnt make an electronic robinhood scene. > unless this is a.. "Do you guys know how does the damn netscreen > detect portscans, really..?" > >> 3. Does anyone know when the NetScreen hardware / software labels >> something "port scan"? > > isnt that an indirect hit? i suggest u ask ur question directly to > the sender dropping this sneaky habbits in freebsd-security list. > thats what it is about
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44C0A1BE.4050500>