[Snort-users] Win* machines - port 139 scans
keydet89 at ...131...
Mon Oct 2 05:24:11 EDT 2000
> Well, given that Bellsouth only spans two timezones
> that I know of;
Again...since you didn't really post enough info to be
fully clear, I would guess that they were asking for
_your_ timezone information. Given that English
speaking people can now be reached all over the world,
almost instantaneously via the Internet, it's not hard
to imagine, I suppose.
> and that
> interpreting an FQDN for one's own subnets should be
> a no-brainer, I would
> think that they would be able to figure out how to
> extract the identity
> (i.e. username and phone number) of a user given the
> FQDN and timestamp. It
> might take a phone call or two between offices, but
> hey, they are a telco
Sure...I would agree. But if you're (you, personally)
in Sydney, Aus., it's going to make a big difference
over you being in Atlanta, Ga.
> To illustrate (taking some examples from Lance's
> adsl-78-193-159.mia.bellsouth.net 21Sep2000
> >>could this mean an adsl connection out of a Miami
> access server?
Sure...but it's irrelevant, really. What matters here
is what is in your logs, and what _you_ reported to
> Perhaps I'm oversimplifying, but given the amount of
> money that is paid for
> access I would think that the people at bellsouth
> could provide a little
> better service.
You'd be surprised...
> Further, if I provide information on
> my location
> geographically by city and state, how hard is it to
> extrapolate my timezone.
I have no idea. It would seem that it was important
enough to them to ask, however.
> If it isn't obvious, then there are numerous places
> (like maps) to look it
> Not one other ISP that I reported such activity to
> requested such
> information. It was, imho, a stall tactic. Sort of
> like, we hear you, and we
> feel your pain, but we've got better things to do.
> So, in the end it's not
> that it was too much to send "EST", but simply that
> I expected better from
> an upstream provider, especially one as large as
Well, in the end, it could very well have been a stall
tactic...who knows. I guess only the person who
responded to you will know. As the security officer
for a large telecomm, I take legitimate complaints
seriously...in fact, I've called dial-up customers
back, personally. However, I will have to admit that
I probably do not see all of the "hey, that guy
scanned me" emails, as they are likely handled
Do You Yahoo!?
Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free!
More information about the Snort-users