What do you do when someone decides to spoof a ton of scanning activity from someone they dislike, to get them on the list? If you only react to full connect scanning, you won't catch many bad guys, but if you don't require handshaking, you become a great tool for the abuse of others.

-----Original Message-----
From: Mark Ng [mailto:laptopalias1-markat_private]
Sent: Tuesday, May 27, 2003 6:10 AM
To: Justin Pryzby; Kurt Seifried
Cc: incidentsat_private
Subject: RE: Scans from proxyprotector.com

> Or a site that lists hosts that should be blocked? Like the dynamic
> email blocking: just cron a daily download and firewall rule update.
>
> Anyone up for this?

I'd be up for lending a helping hand in a project such as this - it might take some brave soul to host it though. I would say you'd *definitely* need a lawyer on hand though to write a fairly waterproof usage policy. Any lawyers on list who would help out?

>
> Justin Pryzby
>
> > > > Great. So that only took 2 weeks. Stellar. Does anyone know of
> a site that

Like the guy later on said - I suppose we should at least be thankful that they did anything at all. Although it appears sending mail to abuse@ didn't, and probably wouldn't have helped at all.

Regards,

Mark Ng
(www.informationintelligence.net)
This archive was generated by hypermail 2b30 : Tue May 27 2003 - 14:56:33 PDT