From owner-freebsd-security Thu Dec 14 17:32:54 2000 From owner-freebsd-security@FreeBSD.ORG Thu Dec 14 17:32:51 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 3934F37B400 for ; Thu, 14 Dec 2000 17:32:49 -0800 (PST) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 146jjv-0000Az-00; Fri, 15 Dec 2000 03:32:51 +0200 Date: Fri, 15 Dec 2000 03:32:51 +0200 (IST) From: Roman Shterenzon To: Mikhail Kruk Cc: Subject: Re: mindspring complains about intrusive port scans In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Seems like traceroute to me, and I don't see anything violative here. They're just not used to udp traceroute I guess. Windows uses icmp traceroutes. On Thu, 14 Dec 2000, Mikhail Kruk wrote: > Hi > I got the following message from my DSL provider. > I think that the logs they show are caused by me running ping and > traceroute on some host on their network. (note that I've substituted my > ip by xxx.xxx.xxx.xxx in the logs just in case) > > So my questions are: > a) is there any chance that I'm wrong and this log is not caused by > ping/traceroute? > b) can they accuse me of violating anything because I run traceroute? > Sounds like bs to me... > > included message: > > >From abuse@mindspring.net Thu Dec 14 20:23:57 2000 > Date: Thu, 14 Dec 2000 17:27:13 -0500 (EST) > From: abuse@mindspring.net > To: bkruk@ix.netcom.com > Subject: Issue 001214-18234395 > > Hello, > > We have recently received a complaint of intrusive port scans. Upon > investigating, we have determined that this alleged abuse is originating > from your account. In a case like this, we like to let you know about the > report, so that you may take a moment to review our policies regarding > network unfriendly activity and netiquette. It is our hope that by > notifying you of the report, we are helping to avoid any further incidents > of this nature. > > Please view our appropriate use policy, it is available at: > > http://www.mindspring.net/aboutms/policy.html > > Pay particular attention to the following section: > > "Privacy violations: > Attempts, whether successful or unsuccessful, to gain access to any > electronic systems, networks or data, without proper consent, are > prohibited." > > These types of cases are often escalated by some sort of misunderstanding, > by keeping us informed, you will be helping us avoid that. > > Regards, > > Erich Hablutzel > > EarthLink/MindSpring AUP Abuse Investigator > > ----------------------------------------------------------------------------- > > portion of logs detailing incident: > > > FWIN,2000/12/11,18:39:54 +10:00 > GMT,xxx.xxx.xxx.xxx:0,203.164.30.182:0,ICMP > > FWIN,2000/12/11,18:40:16 +10:00 > GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33489,UDP > > FWIN,2000/12/11,18:40:20 +10:00 > GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33490,UDP > > WIN,2000/12/11,18:40:26 +10:00 > GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33491,UDP > ----------------------------------------------------------------------------- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message