[Snort-users] Win* machines - port 139 scans

John A. Bornt greywolf at ...541...
Tue Oct 3 00:24:31 EDT 2000


After reading this whole thing I'm trying to figure out which one of you
works for BellSouth. Just kidding. I appreciate your comments and you are
both right of course. It's also great to see people who take customer
response seriously.

Perhaps I was misled by earlier dealings with other ISP's, because as I have
said this was never an issue before. And, for the record, the company I
worked for was also a reseller of BellSouth digital services and I had a
good rapport with, and level of support from, their NOC. When the scans
started coming I searched the Bellsouth.net web page for an email address to
forward security issues to. I could not find it so I sent a message to
support@ hoping it would find someone. It did, and they replied that the
message had been forwarded to the security people. I was fairly detailed in
the message about where we were located, how to reach me via phone, and
included the captures. I did not include my timezone for reasons I've stated
earlier. I always had prompt telephonic response from the NOC on service
issues, and I expected the same from their security department, but in this
case I got a canned e-mail telling me that without the timezone they could
do nothing. Frustrating to be sure and decidedly less in terms of level of
service than I was accustomed to from them. We were certainly not a random
person, given that we used them for Internet access, resold their frame and
ISDN services, and interacted with various levels of their support
department on almost a daily basis.

Shortly after that I began preparing to move to another job and did not get
a chance to follow-up with them. I'm sure they, like most security
professionals, are busy people. It took three days for them to get the
canned message out to me but that didn't bother me. I was busy too, and I
was doing the detection and analysis on my own time since the company
mindset was that our firewall was security enough. To be honest, I was just
having fun playing with Snort. The whole purpose in my response to this list
was simply to show how prevalent the scans were that Lance had put on his
site. I didn't get into details earlier because the first post was about the
scans, not timezones. But if I offended anyone, mea culpa. Thanks for your
insights.

Regards,

John




More information about the Snort-users mailing list