Yeah, scanning for open ports on someone else's server, without permission, isn't exactly like trying the doorknobs, but it's definitely akin to walking around a house, noting what type of doors and windows they have. Sure, you could just be practicing your surveillance skills, but that doesn't make it better. I don't have any measures in place to block someone from doing a ping sweep, but if you do get blocked for doing one, you really shouldn't be too surprised. On Fri, Feb 1, 2013 at 8:43 AM, Corey Kovacs <corey.kovacs@xxxxxxxxx> wrote: > Scanning someone's ports, in my mind is tantamount to "casing" my home. You > would not, for any reasonable explanation, come and check the doors and > windows to my home and if you did, you'd be in for a world of hurt. There > is legitimate reason for someone to do that. Your "explanation" that it is > somehow "education" is a bit ridiculous as you could easily set up a lab if > you were serious. About the only semi-legitimate "scan" might be a ping > sweep to see what providers were using what ip ranges etc to make a map or > something else that has already been done, so that's borderline as well. A > localized comparison is war-driving for unsuspecting people who might not > be as technically "clued in" as others. Just because they leave the front > door open, doesn't not mean you are welcome to anything exposed by that > mistake. > > My $0.02 > > -C > > On Thu, Jan 31, 2013 at 11:14 PM, AMD Paulius_J Jazauskas < > amdpaulius@xxxxxxxxx> wrote: > > > Well, only looking on what's inside a server is not so bad, but most of > the > > time a "brute force" comes after a "look". > > > > If I understand correct, *apnic* is like an asian network center which > > gives IPs for a very wide region. I agree, blocking China would > definitely > > reduce the "door rattling" by more than 50% (but it would probably take > all > > day to type all ranges), once I tracked many attacker IPs and most of > them > > were from asia, but I found out that they may take over some European > > servers too, and then use them for scanning, brute forcing. > > > > Actually sometimes I get angry at all those spammers, scammers, phishers. > > Who do they think they are, acting without any morality. > > > > On Fri, Feb 1, 2013 at 1:41 AM, geofrey rainey < > > geofrey.rainey@xxxxxxxxxxxxxxxxxx> wrote: > > > > > "Exact" is probably the wrong term, there's a difference between > sitting > > > on one's computer and sending a tcp packet to another computer than > > > physically going on to one's property with the intention of looking for > > > entry points. The former is something that I do out of interest, > interest > > > in finding out what a server on a network might be running, improve my > > > networking skills, and so-forth, it might be, frankly, quite arbitrary > > > deemed "really bad" by corporates that have left holes that clever > > crackers > > > are able to exploit and steal stuff and sure, I am not advocating that > > and > > > understand that it is theft and so-forth, but frankly, scanning a host > is > > > hardly a major criminal offence and it's an excessive use of legal > power > > to > > > assert that it is tantamount to some burglar trying to break in to a > > > building or something. > > > > > > > > > > > > On 02/01/2013 11:03 AM, Tom Burke wrote: > > > > > >> Unless you have permission, that's exactly what it is. Why else would > > you > > >> be rattling their firewall, except to probe their vulnerabilities? > > >> > > >> And if you're probing their vulnerabilities without permission, then > why > > >> are you doing it? > > >> > > >> IIRC, there is, in fact, legal precedence on this, too. > > >> > > >> On a related note, I used to drop *.apnic.* into my filters, and that > > got > > >> rid of over 80% of the door rattling. > > >> > > >> Of course, it pretty much blocked everyone in China, Japan, New > Zealand, > > >> Australia, and so on.. > > >> > > >> On Thu, Jan 31, 2013 at 4:43 PM, geofrey rainey < > > >> geofrey.rainey@enterpriseit.**co.nz < > geofrey.rainey@xxxxxxxxxxxxxxxxxx > > >> > > >> wrote: > > >> > > >> I just don't think rattling locks and peeking in windows is analogous > > to > > >>> sending a few tcp packets to a server on the internet really. > > >>> > > >>> On 02/01/2013 01:20 AM, Tom Curl wrote: > > >>> > > >>> Unless you have permission from the owner of the server, you should > be > > >>>> banned. Gee, I just think I'll rattle the locks on your doors and > peak > > >>>> through your windows just to see what you are doing Geofrey. > > >>>> > > >>>> > > >>>> > > >>>> On Thu, 2013-01-31 at 10:13 +1300, geofrey rainey wrote: > > >>>> > > >>>> I don't think i'd advise permanently blocking IP's - sometimes I > nmap > > >>>>> an > > >>>>> IP just because I am interested to see what's running or whatever > but > > >>>>> wouldn't expect to be "banned" for doing this... > > >>>>> > > >>>>> > > >>>>> On 01/30/2013 06:56 PM, AMDPaulius Paulius wrote: > > >>>>> > > >>>>> Yeah, even my small home server which is not advertised anywhere > > gets > > >>>>>> scanned daily. They are always trying to brute force into FTP, or > > >>>>>> SSH. I > > >>>>>> use iptables to block those IPs completely. > > >>>>>> > > >>>>>> On Wed, Jan 30, 2013 at 1:46 AM, Florez, Nestor < > NFlorez@xxxxxxxxx> > > >>>>>> wrote: > > >>>>>> > > >>>>>> THANKS!!! > > >>>>>> > > >>>>>>> Né§t☼r > > >>>>>>> > > >>>>>>> > > >>>>>>> -----Original Message----- > > >>>>>>> From: redhat-list-bounces@xxxxxxxxxx [mailto: > > >>>>>>> redhat-list-bounces@xxxxxxxxxx****] On Behalf Of > m.roth@xxxxxxxxx > > >>>>>>> Sent: Tuesday, January 29, 2013 2:30 PM > > >>>>>>> To: General Red Hat Linux discussion list > > >>>>>>> Subject: RE: Server Probing > > >>>>>>> > > >>>>>>> Florez, Nestor wrote: > > >>>>>>> > > >>>>>>> [mailto:redhat-list-bounces@****redhat.com <http://redhat.com>< > > >>>>>>>> redhat-list-**bounces@xxxxxxxxxx < > redhat-list-bounces@xxxxxxxxxx > > >>] > > >>>>>>>> On Behalf Of Florez, Nestor > > >>>>>>>> > > >>>>>>>> I will take a look at fail2ban > > >>>>>>>> You guys mentioned fail2ban, Does redhat has it available? > Where? > > >>>>>>>> > > >>>>>>>> epel. > > >>>>>>> > > >>>>>>> mark > > >>>>>>> > > >>>>>>> -- > > >>>>>>> redhat-list mailing list > > >>>>>>> unsubscribe mailto:redhat-list-request@**r**edhat.com< > > http://redhat.com> > > >>>>>>> <redhat-list-request@**redhat.com < > redhat-list-request@xxxxxxxxxx > > >> > > >>>>>>> ?subject=unsubscribe > > >>>>>>> https://www.redhat.com/****mailman/listinfo/redhat-list< > > https://www.redhat.com/**mailman/listinfo/redhat-list> > > >>>>>>> <h**ttps://www.redhat.com/mailman/**listinfo/redhat-list< > > https://www.redhat.com/mailman/listinfo/redhat-list> > > >>>>>>> > > > >>>>>>> > > >>>>>>> > > >>>>>>> -- > > >>>>>>> redhat-list mailing list > > >>>>>>> unsubscribe mailto:redhat-list-request@**r**edhat.com< > > http://redhat.com> > > >>>>>>> <redhat-list-request@**redhat.com < > redhat-list-request@xxxxxxxxxx > > >> > > >>>>>>> ?subject=unsubscribe > > >>>>>>> https://www.redhat.com/****mailman/listinfo/redhat-list< > > https://www.redhat.com/**mailman/listinfo/redhat-list> > > >>>>>>> <h**ttps://www.redhat.com/mailman/**listinfo/redhat-list< > > https://www.redhat.com/mailman/listinfo/redhat-list> > > >>>>>>> > > > >>>>>>> > > >>>>>>> -- > > >>>>>>> > > >>>>>> redhat-list mailing list > > >>>>> unsubscribe mailto:redhat-list-request@**r**edhat.com< > > http://redhat.com> > > >>>>> <redhat-list-request@**redhat.com <redhat-list-request@xxxxxxxxxx > >> > > >>>>> ?subject=unsubscribe > > >>>>> https://www.redhat.com/****mailman/listinfo/redhat-list< > > https://www.redhat.com/**mailman/listinfo/redhat-list> > > >>>>> <h**ttps://www.redhat.com/mailman/**listinfo/redhat-list< > > https://www.redhat.com/mailman/listinfo/redhat-list> > > >>>>> > > > >>>>> > > >>>>> > > >>>> -- > > >>> redhat-list mailing list > > >>> unsubscribe mailto:redhat-list-request@**r**edhat.com< > > http://redhat.com> > > >>> <redhat-list-request@**redhat.com <redhat-list-request@xxxxxxxxxx>> > > >>> ?subject=unsubscribe > > >>> https://www.redhat.com/****mailman/listinfo/redhat-list< > > https://www.redhat.com/**mailman/listinfo/redhat-list> > > >>> <h**ttps://www.redhat.com/mailman/**listinfo/redhat-list< > > https://www.redhat.com/mailman/listinfo/redhat-list> > > >>> > > > >>> > > >> > > > -- > > > redhat-list mailing list > > > unsubscribe mailto:redhat-list-request@**redhat.com< > > redhat-list-request@xxxxxxxxxx> > > > ?subject=unsubscribe > > > https://www.redhat.com/**mailman/listinfo/redhat-list< > > https://www.redhat.com/mailman/listinfo/redhat-list> > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- - Stephen Gilbert -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
