Server Probing

Thu Jan 31 23:41:13 UTC 2013

"Exact" is probably the wrong term, there's a difference between sitting 
on one's computer and sending a tcp packet to another computer than 
physically going on to one's property with the intention of looking for 
entry points. The former is something that I do out of interest, 
interest in finding out what a server on a network might be running, 
improve my networking skills, and so-forth, it might be, frankly, quite 
arbitrary deemed "really bad" by corporates that have left holes that 
clever crackers are able to exploit and steal stuff and sure, I am not 
advocating that and understand that it is theft and so-forth, but 
frankly, scanning a host is hardly a major criminal offence and it's an 
excessive use of legal power to assert that it is tantamount to some 
burglar trying to break in to a building or something.

On 02/01/2013 11:03 AM, Tom Burke wrote:
> Unless you have permission, that's exactly what it is.  Why else would you
> be rattling their firewall, except to probe their vulnerabilities?
>
> And if you're probing their vulnerabilities without permission, then why
> are you doing it?
>
> IIRC, there is, in fact, legal precedence on this, too.
>
> On a related note, I used to drop *.apnic.* into my filters, and that got
> rid of over 80% of the door rattling.
>
> Of course, it pretty much blocked everyone in China, Japan, New Zealand,
> Australia, and so on..
>
> On Thu, Jan 31, 2013 at 4:43 PM, geofrey rainey <
> geofrey.rainey at enterpriseit.co.nz> wrote:
>
>> I just don't think rattling locks and peeking in windows is analogous to
>> sending a few tcp packets to a server on the internet really.
>>
>> On 02/01/2013 01:20 AM, Tom Curl wrote:
>>
>>> Unless you have permission from the owner of the server, you should be
>>> banned. Gee, I just think I'll rattle the locks on your doors and peak
>>> through your windows just to see what you are doing Geofrey.
>>>
>>>
>>>
>>> On Thu, 2013-01-31 at 10:13 +1300, geofrey rainey wrote:
>>>
>>>> I don't think i'd advise permanently blocking IP's - sometimes I nmap an
>>>> IP just because I am interested to see what's running or whatever but
>>>> wouldn't expect to be "banned" for doing this...
>>>>
>>>>
>>>> On 01/30/2013 06:56 PM, AMDPaulius Paulius wrote:
>>>>
>>>>> Yeah, even my small home server which is not advertised anywhere gets
>>>>> scanned daily. They are always trying to brute force into FTP, or SSH. I
>>>>> use iptables to block those IPs completely.
>>>>>
>>>>> On Wed, Jan 30, 2013 at 1:46 AM, Florez, Nestor <NFlorez at sdcwa.org>
>>>>> wrote:
>>>>>
>>>>>   THANKS!!!
>>>>>> Né§t☼r
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: redhat-list-bounces at redhat.com [mailto:
>>>>>> redhat-list-bounces at redhat.com**] On Behalf Of m.roth at 5-cent.us
>>>>>> Sent: Tuesday, January 29, 2013 2:30 PM
>>>>>> To: General Red Hat Linux discussion list
>>>>>> Subject: RE: Server Probing
>>>>>>
>>>>>> Florez, Nestor wrote:
>>>>>>
>>>>>>> [mailto:redhat-list-bounces@**redhat.com<redhat-list-bounces at redhat.com>]
>>>>>>> On Behalf Of Florez, Nestor
>>>>>>>
>>>>>>>   I will take a look at fail2ban
>>>>>>> You guys mentioned fail2ban, Does redhat has it available? Where?
>>>>>>>
>>>>>> epel.
>>>>>>
>>>>>>            mark
>>>>>>
>>>>>> --
>>>>>> redhat-list mailing list
>>>>>> unsubscribe mailto:redhat-list-request@**redhat.com<redhat-list-request at redhat.com>
>>>>>> ?subject=unsubscribe
>>>>>> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> redhat-list mailing list
>>>>>> unsubscribe mailto:redhat-list-request@**redhat.com<redhat-list-request at redhat.com>
>>>>>> ?subject=unsubscribe
>>>>>> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list>
>>>>>>
>>>>>>   --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@**redhat.com<redhat-list-request at redhat.com>
>>>> ?subject=unsubscribe
>>>> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list>
>>>>
>>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@**redhat.com<redhat-list-request at redhat.com>
>> ?subject=unsubscribe
>> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list>