2000-05-23-09:35:37 Barry Hudson:
> As a new firewall admin I have a question for the white hats.
You can't tell the color of someone's hat over the internet:-).
> I log port scans and do a whois to locate the ISP that owns the
> ip address. My questions is what else can/should be done. I
> have no other reason to believe they got through or committed any
> crime. What else are you guys doing? I hope this is not to far
> off topic.
Probably not too far off-topic, but unfortunately probably not too
productive either.
If you search archives of either of the firewalls lists, or (I
expect) any of several newsgroups, you should be able to turn up
reams and acres of discussion (with loads of flames) on this topic.
I'm afraid I don't have any specific search threads for you, though.
I _think_ I can summarize the two sides that debate tends to settle
on. These sides tend to polarize really widely, diverge into
attempts to construct analogies, and then the flames burn. Please,
if we can avoid taking down this nice list I'd really appreciate it.
One side regards port scanning as within the bounds of reasonable
and proper exploration over the internet. The other side views it as
an attack in its own right.
My own view on this matter is that I retire from that debate
altogether, declining to hold a position. I harden firewalls and all
other hosts exposed to the internet to the point where they can't be
burgled, and then I ignore scans, since they won't do any good
against me.
-Bennett
- application/pgp-signature attachment: stored
Received on May 24 2000
Intro
