I'd be very interested to hear some specifics
regarding the type of traffic that indicates that the
scanning system has been compromised, and how this
traffic might differ from traffic "seen" from a
malicioius user.
I still don't see how anyone can say "most" or "almost
all" without any hard info.
Carv
--- Gary Flynn <flynngn_at_JMU.EDU> wrote:
> "Forrester, Mike" wrote:
> >
> > From my experience (I work for a broadband ISP),
> most of our problems with
> > people scanning is from a compromised system. No,
> I don't have exact
> > numbers, but MOST is about right. ;)
>
> Mike,
>
> How do you determine if the box used for scanning is
> compromised? Do you take
> the owner's word? How about other ISPs listening
> here?
>
> --
> Gary Flynn
> Security Engineer - Technical Services
> James Madison University
>
> Please RUNSAFE
>
http://www.jmu.edu/computing/info-security/engineering/protecting_yourself.htm
__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
Received on Oct 13 2000
Intro
