[Snort-users] [PEN-TEST] Clarification on illegal use of ISS Internet Scanner (fwd)

Fyodor fygrave at ...121...
Tue Aug 15 11:50:13 EDT 2000

A bit offtopic but just curiousity if anyone has any details on format of
ISS scanner fingerprints. Had I licenced ISS scanner, I'd probably be able
to dump that.. uhmm.. :)

---------- Forwarded message ----------
Date: Tue, 15 Aug 2000 10:04:45 -0400
From: "Curphey, Mark (ISS Atlanta)" <MCurphey at ...325...>
Reply-To: Penetration Testers <PEN-TEST at ...220...>
To: PEN-TEST at ...220...
Subject: [PEN-TEST] Clarification on illegal use of ISS Internet Scanner

To clarify a recent thread ......

If you look within one of the Network Sensor policies underneath the Scanner
events, there is an event called "ISS" that detects if an Internet Scanner
scan is taking place. If your Network Sensor detects this activity
(depending on how your responses are set), it will display the event on your
Console. This event will also show the OCN number of the license key for the
owner of the Internet Scanner software.

No traffic is sent back to ISS regarding this. A RealSecure user can contact
ISS who can then deal with the matter, via an internal policy i.e ISS will
not just tell you the owner of that software lisense.

More information about the Snort-users mailing list