Paul M. Tiedemann said the following on Mon, Jan 07, 2002 at 07:53:08PM -0500, [snip] > If you think the process > through with port scanning it just doesn't make sense that the originating > machine would not wish to receive any information about what ports are open > on your machine. That being said I think that if you are actually being > port scanned you will find that one of the ip addresses you will see is the > originating machine. Not always true. If an upstream host was compromised, you could use agent systems to scan and have the compromised host sniff the return packets, by using perishable zombies you can avoid detection of the host which is collecting the data. -- Dave Ryan Security Advisor dave.ryanat_private Computer Incident Response Team ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 09:34:15 PST