RE: [cobalt-users] PortSentry works !

["Clark E. Morgan" <prlhkr@xxxxxxxxxxxxx>]

Nico

> The sign is on your neck the second you start *thinking* about
> putting a box
> online. I say, wear it with pride. :-)

Alas, only too true. That's very funny.

> Legal stuff is involved with honeypots and honeynets. Turn to
> http://www.wired.com/news/culture/0,1284,42233,00.html for some
> details. So
> the question would arise whether or not such a list would even be legal to
> share. Or am I overdoing it here?

This is opinion of course; but I should think that if you said "there's an
entry
in my logfile to the effect that so and so scaned port 111 repeatedly"
rather
than "so and so hacked me" you'd be on safe legal ground and leave the
decision
to the subscriber.

> I'd hate to send some young guy to the everlasting Nirvana bitbucket that
> might well my customer once the pimples fade away, just because he treated
> you bad.

I indiscriminately consign port scanning ips into oblivion. There's plenty
of
business out there.

> ... and have "someplace else" get hacked. Kewl! Who has an old NT
> box lying
> around? <grin>

Actually, I just meant that there were people better suited than myself
to securing such an obvious target.

> If certain rules apply, this list could be of great value of course. I am
> not denying you that, but I hope an IP won't get dropped on the
> list because
> of one scan. In the past I have done some portscans, although very few, to
> find out what other companies & universities were doing to secure their
> network. A scan *can* be educational.

Why not? If it's insecure, it's insecure. And if it really is plain old
intellectual curiosity that's motivating you, drop me a line and say so.
I'll work with any demonstrably well intentioned "friends" to mutually shore
ourselves up against these little pricks.

Clark
>