[Snort-users] blocking nmap -P0 attack

Frank Knobbe frank at ...9761...
Mon Jan 10 14:46:11 EST 2005


On Mon, 2005-01-10 at 17:40 -0500, Matt Kettler wrote:
> >One thing that a lot of folks seem to overlook is that distributed
> >scanning is a hard reality.
> 
> Is it? What about DScan? It's a very widely available tool for this very 
> purpose.

A hard reality. As in "very real". I'm agreeing with you and tried to
further highlight it :)

> >Instead of a bot net, open proxy servers can be nicely used for
> >distributed/decoy/stealth scans. And there are still plenty of those
> >around :)

> True, but it's hard to get 10,000 open proxies. 10,000 windows machines 
> that got infected by a mail virus are much easier to come by.

lol.... yeah, that's true. I have a hard time keeping a list of 80-100
current for a week. Proxies come and go. Infected PC's seem to stay
longer. (But also those have a life-expectancy. It'd be nice to see a
study that contrasts the average lifespan of a open proxy, a back-doored
server, and a rooted/bot'ed PC.)

Cheers,
Frank
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050110/3754a518/attachment.sig>


More information about the Snort-users mailing list