[Snort-users] blocking nmap -P0 attack
frank at ...9761...
Mon Jan 10 14:46:11 EST 2005
On Mon, 2005-01-10 at 17:40 -0500, Matt Kettler wrote:
> >One thing that a lot of folks seem to overlook is that distributed
> >scanning is a hard reality.
> Is it? What about DScan? It's a very widely available tool for this very
A hard reality. As in "very real". I'm agreeing with you and tried to
further highlight it :)
> >Instead of a bot net, open proxy servers can be nicely used for
> >distributed/decoy/stealth scans. And there are still plenty of those
> >around :)
> True, but it's hard to get 10,000 open proxies. 10,000 windows machines
> that got infected by a mail virus are much easier to come by.
lol.... yeah, that's true. I have a hard time keeping a list of 80-100
current for a week. Proxies come and go. Infected PC's seem to stay
longer. (But also those have a life-expectancy. It'd be nice to see a
study that contrasts the average lifespan of a open proxy, a back-doored
server, and a rooted/bot'ed PC.)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users