North American Network Operators Group


Re: Arbor Networks DoS defense product

  • From: mval
  • Date: Thu May 16 19:36:36 2002

----- Original Message -----
From: "Dan Hollis" <[email protected]>

> On Wed, 15 May 2002, PJ wrote:
> > If it's a crime, someone should have no problem citing the code.  If
> > it's not a crime, then I am guilty of nothing and should have nothing
> > to fear.
>
> Do let us know how your portscans of US military networks go...
>

We get email regularly in our ARIN contact email box about port scans.  Most
of it is like the one below about a SubSeven scan.

AFAIK we have never been officially ordered to cease and desist.  In some
instances we have been subpoenaed for our records relating to criminal
activity, but at this juncture scanning is not illegal.

Do we care?  Yes.  Do we try to stop it? Yes.  Do we cancel customer
accounts for such activity?  Yes.
Can we be held responsible for all activity originating from our IP space?
Probably, but it's a hell of a job tracking down all the abuse complaints
from our AS.

--mval


*******************
This email is for your information.  It is *not* a request
for any specific action. It was automatically generated,
but all replies will be handled personally.

A host/port sweep

20020419
   Port 27374 Sweep of subnet(s):
      128.49.6
   From <snip>
   Starttime Fri Apr 19 17:57:20; Endtime Fri Apr 19 17:58:08;
   Port 27374: attempts on about 238 addresses.

was logged at this United States Department of Defense facility,
apparently originating from one of your machines.  The time zone is
PDT (Greenwich -7 hours).

Suggested interpretations:
   1. One of your machines has been compromised/infected and is scanning
      our networks.
   2. One of your users is scanning our networks.
   3. (Uncommon) The source address is spoofed and another machine (probably
      on the same network as the source address) is doing the scanning.


Thank you for your attention.

    --Intrusion Detection Team
    [email protected]
    SPAWARSYSCEN San Diego
*********************