Firewalls: Re: ISS scanning from tostada.engr.ucdavis.edu

Firewalls
(January 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: ISS scanning from tostada.engr.ucdavis.edu
From:	Christopher Klaus <cklaus @ shadow . net>
Date:	Mon, 9 Jan 1995 14:40:39 -0500 (EST)
To:	syshtg @ gsusgi2 . gsu . edu (Tom Gillman)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<9501091310 . AA08788 @ gsusgi2 . gsu . edu> from "Tom Gillman" at Jan 9, 95 08:10:36 am

I totally disapprove of miscreants abusing ISS.  ISS is intended for 
scanning your own networks with which you are authorized to scan.  

I highly recommend setting up tcp_wrappers and checking logs to see
if anyone is using ISS to knock on your doors.  If so, please
report the site that the scanning is coming from to CERT and probably
would be a good idea to get in touch with the admin's of that site
by doing whois site.com or site.edu .  Other possible ways to
protect yourself would be to block that site from your routers before the 
scanning is complete if possible.   Also, I highly recommend you check
your own security by running ISS so you know atleast what the intruder knows.

Sincerely,
Christopher


-- 
Christopher William Klaus	Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc.		Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.

References:

ISS scanning from tostada.engr.ucdavis.edu
From: syshtg @ gsusgi2 . gsu . edu (Tom Gillman)

Indexed By Date	Previous:	Re: ISS scanning from tostada.engr.ucdavis.edu From: Christopher Klaus <cklaus @ shadow . net>
Indexed By Date	Next:	Re: ISS scanning from tostada.engr.ucdavis.edu From: kidaj @ ustcunclass . safb . af . mil (John H. Kida)
Indexed By Thread	Previous:	Re: ISS scanning from tostada.engr.ucdavis.edu From: Christopher Klaus <cklaus @ shadow . net>
Indexed By Thread	Next:	Re: ISS scanning from tostada.engr.ucdavis.edu From: kidaj @ ustcunclass . safb . af . mil (John H. Kida)