From owner-freebsd-isp Wed Apr 4 13:15:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from web1.nidhog.com (web1.nidhog.com [192.204.160.129]) by hub.freebsd.org (Postfix) with ESMTP id 4E4FF37B71F for ; Wed, 4 Apr 2001 13:15:28 -0700 (PDT) (envelope-from chosey@web1.nidhog.com) Received: from localhost (chosey@localhost) by web1.nidhog.com (8.11.3/8.11.3) with ESMTP id f34KFUc46055 for ; Wed, 4 Apr 2001 16:15:30 -0400 (EDT) (envelope-from chosey@web1.nidhog.com) X-Authentication-Warning: web1.nidhog.com: chosey owned process doing -bs Date: Wed, 4 Apr 2001 16:15:30 -0400 (EDT) From: Chet Hosey To: Subject: Re: Chasing the kiddies (was: Named Keep crashing) In-Reply-To: <20010404145617.B879@laptop.os2warp.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Do you assume that all port scans are malicious? Is there a situation in which a scan would not cause you make such a call? ________________________________________________________________________ Chet Hosey ________________________________________________________________________ On Wed, 4 Apr 2001, Scott Lambert wrote: > On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote: > > Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT) > > From: "Forrest W. Christian" > > To: Kal Torak > > Cc: Enno Davids , freebsd-isp@FreeBSD.ORG > > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > > > On Wed, 4 Apr 2001, Kal Torak wrote: > > > > > Why should network scanning be a crime at all? If anything should be a crime > > > its sloppy admins that let there networks get comprimised... > > > > But when after you scan, you break in and destroy data, THAT should be the > > crime I'm talking about. > > > > What you don't realize is that a lot of these attacks are now automated > > rootkits which basically scan for the hole and if they find it, ROOT YOUR > > MACHINE. > > > > This is wrong. > > These people who don't think scanning is a problem bother me. I don't have > time to hunt down all the scanning kiddies, but I don't like them. I do > hunt down the ones I get complaints on. > > Scanning a network is just like "casing" a neighborhood in my book. The > police will stop you and check your background and want to know if you > have any business in the area if someone reports you to them. The police > call it suspicious behaviour which gives them probable cause to stop the > bad guy. They get what information they can from him and if he is not > (yet) wanted they let him go. But they watch him. They remember he was > in the area and if any complaints do come in they go grab him first. > > I do the same thing with my scanning kiddies. My kiddies who go scanning > my network or other people's networks get a phone call. I talk to their > parents and tell them their kids are on the wrong road and could wind up > in jail if they ever open one of those doors. Hopefully the parents can > straighten the kids out. I hope the kids tell the other kids that they > got busted. It lets them know they can get in trouble for it and will > hopefully discourage them. > > I just wish I could go visit them physically so I could make certain they > were scared before I let them go. > > Entering a computer system is breaking and entering. Send them to jail. > It doesn't matter if they immediately left without doing anything. If anyone > enters my home through a window I have left open for ventilation at night, > they could very possibly be shot or bludgeoned about the head and shoulders > by a baseball bat or whatever other blunt or sharp object I find first. > They will most likely end up in jail. It makes no difference that the > window was open. You just don't cross those lines. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message