Re: Port scan from Apache?
Hi Nash,
I'm not sure I really understand what you're up to. In any case, let me
clarify that my whole intention was to get a better understanding of
what had happened there. In the end, I don't want my server to produce
alarms at other people's sites. I tried to find the cause of the problem
on my side and couldn't, thus I suggested a working hypothesis to the
complaining (yes he was complaining) admin.
So my question which you cited below was really about the criteria that
need to be met for the NetScreen hw/sw to classify something as a port
scan. Pure diagnostic information.
As I mentioned earlier, the admin hasn't contacted me since I posted my
hypothesis with the web mailer which I don't quite like either because
I'd prefer a message that says
"It's alright, it wasn't your fault."
or
"We still don't know what's wrong. Can you investigate further using
this pile of low-level details?"
Of course I'd prefer the first one since it means less work for me but
the second one would also be fine with me. And on a last note: I didn't
mean to be sneaky, I just wanted some advice as to the origins since I
thought I might have missed something. For that, this list seemed
appropriate to me.
Best wishes
Clemens
Nash Nipples wrote:
> i believe that people who deployed netscreen are quite sure in what
> they are doing and a friendly notice should not sound like a
> complaint to u but instead become a solid ground to understanding
> what could go wrong. Ofcourse if they proudly told you that they ARE
> using the netscreen. Peeking on log entries provided to u and
> announcing it on public doesnt make an electronic robinhood scene.
> unless this is a.. "Do you guys know how does the damn netscreen
> detect portscans, really..?"
>
>> 3. Does anyone know when the NetScreen hardware / software labels
>> something "port scan"?
>
> isnt that an indirect hit? i suggest u ask ur question directly to
> the sender dropping this sneaky habbits in freebsd-security list.
> thats what it is about
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 16 之 16 篇):