Date:      Thu, 14 Dec 2000 18:39:54 -0700 (MST)
From:      "David G. Andersen" <dga@pobox.com>
To:        meshko@cs.brandeis.edu (Mikhail Kruk)
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: mindspring complains about intrusive port scans
Message-ID:  <200012150139.SAA00368@faith.cs.utah.edu>
In-Reply-To: <Pine.LNX.4.30.0012142024000.31307-100000@daedalus.cs.brandeis.edu> from "Mikhail Kruk" at Dec 14, 2000 08:29:31 PM

Tell them to contact the person who sent the complaint in and educate
them.  They should NOT complain that someone tracerouted to or pinged
them.  Period.  This is _normal_ behavior on the Internet.  If they don't
want to deal with traceroutes or pings, they should block it at their
border and be done with it.

The increasing port numbers in the high range suggest that it's a
traceroute.  The person whose IDS reported this system, and then they
acted on it blindly, should be bopped on the head.

  -Dave

Lo and behold, Mikhail Kruk once said:
> 
> Hi
> I got the following message from my DSL provider.
> I think that the logs they show are caused by me running ping and
> traceroute on some host on their network. (note that I've substituted my
> ip by xxx.xxx.xxx.xxx in the logs just in case)
> 
> So my questions are:
> a) is there any chance that I'm wrong and this log is not caused by
> ping/traceroute?
> b) can they accuse me of violating anything because I run traceroute?
> Sounds like bs to me...
> 
> included message:
> 
> >From abuse@mindspring.net Thu Dec 14 20:23:57 2000
> Date: Thu, 14 Dec 2000 17:27:13 -0500 (EST)
> From: abuse@mindspring.net
> To: bkruk@ix.netcom.com
> Subject: Issue 001214-18234395
> 
> Hello,
> 
> We have recently received a complaint of intrusive port scans.  Upon
> investigating, we have determined that this alleged abuse is originating
> from your account. In a case like this, we like to let you know about the
> report, so that you may take a moment to review our policies regarding
> network unfriendly activity and netiquette.  It is our hope that by
> notifying you of the report, we are helping to avoid any further incidents
> of this nature.
> 
> Please view our appropriate use policy, it is available at:
> 
> http://www.mindspring.net/aboutms/policy.html
> 
> Pay particular attention to the following section:
> 
> "Privacy violations:
> Attempts, whether successful or unsuccessful, to gain access to any
> electronic systems, networks or data, without proper consent, are
> prohibited."
> 
> These types of cases are often escalated by some sort of misunderstanding,
> by keeping us informed, you will be helping us avoid that.
> 
> Regards,
> 
> Erich Hablutzel
> 
> EarthLink/MindSpring AUP Abuse Investigator
> 
> -----------------------------------------------------------------------------
> 
> portion of logs detailing incident:
> 
> 
> FWIN,2000/12/11,18:39:54 +10:00 GMT,xxx.xxx.xxx.xxx:0,203.164.30.182:0,ICMP
> 
> FWIN,2000/12/11,18:40:16 +10:00 GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33489,UDP
> 
> FWIN,2000/12/11,18:40:20 +10:00 GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33490,UDP
> 
> WIN,2000/12/11,18:40:26 +10:00 GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33491,UDP
> -----------------------------------------------------------------------------
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
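
Added example, not part of the original message or of any tool named in it: a triage check an abuse desk could run over firewall entries like the ones quoted above before acting on an IDS report. It flags the pattern the reply points to (UDP probes from one source port to consecutive high destination ports) as traceroute-like. The six-field record layout is inferred from the quoted entries, 33434 is the default base port of classic Unix traceroute, `SCAN_LOG` is constructed for contrast, and the function names and verdict strings are this example's own.

```python
from collections import defaultdict

TRACEROUTE_BASE_PORT = 33434  # default base UDP port of classic Unix traceroute

# The four entries quoted in the complaint, each re-joined onto one line.
PAGE_LOG = """\
FWIN,2000/12/11,18:39:54 +10:00 GMT,xxx.xxx.xxx.xxx:0,203.164.30.182:0,ICMP
FWIN,2000/12/11,18:40:16 +10:00 GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33489,UDP
FWIN,2000/12/11,18:40:20 +10:00 GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33490,UDP
WIN,2000/12/11,18:40:26 +10:00 GMT,xxx.xxx.xxx.xxx:41374,203.164.30.182:33491,UDP
"""
# Constructed contrast sample (not from the page): probes of scattered service ports.
SCAN_LOG = """\
FWIN,2000/12/11,19:00:01 +10:00 GMT,192.0.2.7:4021,198.51.100.9:21,TCP
FWIN,2000/12/11,19:00:01 +10:00 GMT,192.0.2.7:4022,198.51.100.9:23,TCP
FWIN,2000/12/11,19:00:02 +10:00 GMT,192.0.2.7:4023,198.51.100.9:80,TCP
FWIN,2000/12/11,19:00:02 +10:00 GMT,192.0.2.7:4024,198.51.100.9:139,TCP
"""

def parse(log):
    """Yield (src_ip, src_port, dst_ip, dst_port, proto) for each well-formed record."""
    for line in log.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6:
            continue  # skip blank lines and anything that is not a six-field record
        src_ip, _, sport = fields[3].rpartition(":")
        dst_ip, _, dport = fields[4].rpartition(":")
        if sport.isdigit() and dport.isdigit():
            yield src_ip, int(sport), dst_ip, int(dport), fields[5]

def classify(log):
    """Map each (src_ip, dst_ip) pair to a verdict string."""
    flows = defaultdict(list)
    for src_ip, sport, dst_ip, dport, proto in parse(log):
        flows[(src_ip, dst_ip)].append((proto, sport, dport))
    verdicts = {}
    for pair, recs in flows.items():
        probes = [(sp, dp) for proto, sp, dp in recs if proto == "UDP"]
        other = [proto for proto, _, _ in recs if proto not in ("UDP", "ICMP")]
        dports = [dp for _, dp in probes]
        high = all(dp >= TRACEROUTE_BASE_PORT for dp in dports)
        stepwise = all(b - a == 1 for a, b in zip(dports, dports[1:]))
        one_sport = len({sp for sp, _ in probes}) == 1
        if probes and not other and high and stepwise and one_sport:
            verdicts[pair] = "traceroute-like"
        elif len({dp for _, _, dp in recs}) >= 3:
            verdicts[pair] = "possible port scan"
        else:
            verdicts[pair] = "inconclusive"
    return verdicts
```

The consecutive-port test is strict; a log that dropped one probe would fall through to a different verdict and still deserves a manual look.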

