Brian Stormont writes:
> Date: Wed, 28 Dec 94 11:01:32 EST
> From: "Brian Stormont" <brian_stormont @ projo . com>
> To: firewalls @ greatcircle . com
> Subject: Doorknob twisting
>
> Does anyone have a suggestion for response to probes of every port number on a
> certain ip address? Should it just be ignored, or should the probing site's
> admin be contacted? I realize it's not necessarily harmful activity, so I'm
> not looking for ideas for retribution; I was just curious what policy might make
> the most sense.
>
> Recently we've started getting such broadband probes at our site.
>
> Thanks,
>
> -brian
By all means, contact the remote system admin. I was recently contacted
by a major university that was receiving ntp (port 123) datagrams from my
WAN. Turned out one of our vendors had broken NTP code that was spraying
out packets to random broadcast addresses. The moral of the story, you
just might be doing them a favor... tom
--
Tom Brink tom @ dot . state . az . us
Technical Support Specialist
Technical Research Center
Information Services Group
Arizona Department of Transportation