Server Probing

Stephen Gilbert linuxelf at gmail.com
Fri Feb 1 14:08:27 UTC 2013


Yeah, scanning for open ports on someone else's server, without permission,
isn't exactly like trying the doorknobs, but it's definitely akin to
walking around a house, noting what type of doors and windows they have.
Sure, you could just be practicing your surveillance skills, but that
doesn't make it better. I don't have any measures in place to block someone
from doing a ping sweep, but if you do get blocked for doing one, you
really shouldn't be too surprised.


On Fri, Feb 1, 2013 at 8:43 AM, Corey Kovacs <corey.kovacs at gmail.com> wrote:

> Scanning someone's ports, in my mind is tantamount to "casing" my home. You
> would not, for any reasonable explanation, come and check the doors and
> windows to my home and if you did, you'd be in for a world of hurt. There
> is legitimate reason for someone to do that. Your "explanation" that it is
> somehow "education" is a bit ridiculous as you could easily set up a lab if
> you were serious. About the only semi-legitimate "scan" might be a ping
> sweep to see what providers were using what ip ranges etc to make a map or
> something else that has already been done, so that's borderline as well. A
> localized comparison is war-driving for unsuspecting people who might not
> be as technically "clued in" as others. Just because they leave the front
> door open, does not mean you are welcome to anything exposed by that
> mistake.
>
> My $0.02
>
> -C
>
> On Thu, Jan 31, 2013 at 11:14 PM, AMD Paulius_J Jazauskas <
> amdpaulius at gmail.com> wrote:
>
> > Well, only looking on what's inside a server is not so bad, but most of the
> > time a "brute force" comes after a "look".
> >
> > If I understand correctly, *apnic* is like an Asian network center which
> > gives IPs for a very wide region. I agree, blocking China would definitely
> > reduce the "door rattling" by more than 50% (but it would probably take all
> > day to type all ranges), once I tracked many attacker IPs and most of them
> > were from Asia, but I found out that they may take over some European
> > servers too, and then use them for scanning, brute forcing.
> >
> > Actually sometimes I get angry at all those spammers, scammers, phishers.
> > Who do they think they are, acting without any morality.
> >
> > On Fri, Feb 1, 2013 at 1:41 AM, geofrey rainey <
> > geofrey.rainey at enterpriseit.co.nz> wrote:
> >
> > > "Exact" is probably the wrong term, there's a difference between sitting
> > > on one's computer and sending a tcp packet to another computer than
> > > physically going on to one's property with the intention of looking for
> > > entry points. The former is something that I do out of interest, interest
> > > in finding out what a server on a network might be running, improve my
> > > networking skills, and so-forth, it might be, frankly, quite arbitrarily
> > > deemed "really bad" by corporates that have left holes that clever crackers
> > > are able to exploit and steal stuff and sure, I am not advocating that and
> > > understand that it is theft and so-forth, but frankly, scanning a host is
> > > hardly a major criminal offence and it's an excessive use of legal power to
> > > assert that it is tantamount to some burglar trying to break in to a
> > > building or something.
> > >
> > >
> > >
> > > On 02/01/2013 11:03 AM, Tom Burke wrote:
> > >
> > >> Unless you have permission, that's exactly what it is.  Why else would you
> > >> be rattling their firewall, except to probe their vulnerabilities?
> > >>
> > >> And if you're probing their vulnerabilities without permission, then why
> > >> are you doing it?
> > >>
> > >> IIRC, there is, in fact, legal precedence on this, too.
> > >>
> > >> On a related note, I used to drop *.apnic.* into my filters, and that got
> > >> rid of over 80% of the door rattling.
> > >>
> > >> Of course, it pretty much blocked everyone in China, Japan, New Zealand,
> > >> Australia, and so on..
> > >>
> > >> On Thu, Jan 31, 2013 at 4:43 PM, geofrey rainey <geofrey.rainey at enterpriseit.co.nz> wrote:
> > >>
> > >>> I just don't think rattling locks and peeking in windows is analogous to
> > >>> sending a few tcp packets to a server on the internet really.
> > >>>
> > >>> On 02/01/2013 01:20 AM, Tom Curl wrote:
> > >>>
> > >>>> Unless you have permission from the owner of the server, you should be
> > >>>> banned. Gee, I just think I'll rattle the locks on your doors and peek
> > >>>> through your windows just to see what you are doing Geofrey.
> > >>>>
> > >>>>
> > >>>>
> > >>>> On Thu, 2013-01-31 at 10:13 +1300, geofrey rainey wrote:
> > >>>>
> > >>>>> I don't think I'd advise permanently blocking IP's - sometimes I nmap an
> > >>>>> IP just because I am interested to see what's running or whatever but
> > >>>>> wouldn't expect to be "banned" for doing this...
> > >>>>>
> > >>>>>
> > >>>>> On 01/30/2013 06:56 PM, AMDPaulius Paulius wrote:
> > >>>>>
> > >>>>>> Yeah, even my small home server which is not advertised anywhere gets
> > >>>>>> scanned daily. They are always trying to brute force into FTP, or SSH. I
> > >>>>>> use iptables to block those IPs completely.
> > >>>>>>
> > >>>>>> On Wed, Jan 30, 2013 at 1:46 AM, Florez, Nestor <NFlorez at sdcwa.org> wrote:
> > >>>>>>
> > >>>>>>> THANKS!!!
> > >>>>>>>
> > >>>>>>> Né§t☼r
> > >>>>>>>
> > >>>>>>> -----Original Message-----
> > >>>>>>> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
> > >>>>>>> Sent: Tuesday, January 29, 2013 2:30 PM
> > >>>>>>> To: General Red Hat Linux discussion list
> > >>>>>>> Subject: RE: Server Probing
> > >>>>>>>
> > >>>>>>> Florez, Nestor wrote:
> > >>>>>>>
> > >>>>>>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Florez, Nestor
> > >>>>>>>>
> > >>>>>>>> I will take a look at fail2ban
> > >>>>>>>> You guys mentioned fail2ban, Does redhat have it available? Where?
> > >>>>>>>>
> > >>>>>>> epel.
> > >>>>>>>
> > >>>>>>>            mark
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> redhat-list mailing list
> > >>>>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > >>>>>>> https://www.redhat.com/mailman/listinfo/redhat-list



-- 
- Stephen Gilbert


