Re: RPAT - Realtime Proxy Abuse Triangulation

From: Mathias Wegner (mwegnerat_private)
Date: Tue Dec 24 2002 - 09:21:31 PST

Next message: alfaentomega: "RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"

Previous message: Tomo: "NIMDA - ceased ? -"
In reply to: Kurt Seifried: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Next in thread: Gary Flynn: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Next in thread: Stephen Friedl: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Reply: Gary Flynn: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I would be very nervous about running this, remote SNMP queries of someone
> elses system (say a .gov or .mil proxy) may be considered illegal activity
> in some jurisdictions.

Depending on the SNMP daemon, it would/should be as illegal as opening an ssh
investigating the system from the command line.  Most SNMP offers at least
some amount of configuration via the read/write community.  I know that when
I see SNMP queries on network hardware that I manage, I consider it hostile
activity.

mathias

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: alfaentomega: "RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"
Previous message: Tomo: "NIMDA - ceased ? -"
In reply to: Kurt Seifried: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Next in thread: Gary Flynn: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Next in thread: Stephen Friedl: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Reply: Gary Flynn: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 09:51:51 PST