[2165] in linux-security and linux-alert archive
[linux-security] Re: Port 7 scan
daemon@ATHENA.MIT.EDU (Copp, Carlton)
Thu Jun 10 07:30:42 1999
From: "Copp, Carlton" <Carlton.Copp@cendant.com>
To: "'EW1 Coral J. Cook'" <ccook@nosc.mil>
Cc: "'linux-security@redhat.com'" <linux-security@redhat.com>
Date: Wed, 9 Jun 1999 14:26:09 -0400
Old-Return-Receipt-To: "Copp, Carlton" <Carlton.Copp@cendant.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
How do you know the host is non-existent? Have you confirmed that they
are spoofing? What does the scan look like? Is it a stealth scan with a
single packet or something more robust? If you find that they are spoofing,
then the only thing that they could be trying to accomplish is what I call a
"Human Denial of Service (HDOS)". They are trying to drive you crazy,
searching for a vulnerability that doesn't exist. It is so easy to spit
garbage into other people's systems that it isn't funny. I am interested in
knowing if you find something other than the so-called HDOS attack.
The ultimate solution to the spoof problem is to implement something called
"Network Ingress Filtering". Look it up with your favorite search engine.
I think there may be an RFC on it.
Carlton Copp
> -----Original Message-----
> From: EW1 Coral J. Cook [SMTP:ccook@nosc.mil]
> Sent: Wednesday, June 09, 1999 11:18 AM
> To: linux-security@redhat.com
> Subject: [linux-security] Port 7 scan
>
> Over the last several days, we've been getting pretty regular scans from a
> non-existent host on our port 7. Any idea what they are looking for/what
> are some of the vulnerabilities with echo?
>
> Thanks
>
> Coral Cook
>
> --
> ----------------------------------------------------------------------
> Please refer to the information about this list as well as general
> information about Linux security at http://www.aoy.com/Linux/Security.
> ----------------------------------------------------------------------
>
> To unsubscribe:
> mail -s unsubscribe linux-security-request@redhat.com < /dev/null
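Added example, not part of the original message: the "Network Ingress Filtering" the reply refers to is described in RFC 2267 (since replaced by RFC 2827 / BCP 38), and the sketch below shows the rule an edge router applies, forwarding a packet only when its source address lies inside a prefix assigned to the interface it arrived on. The interface names, prefixes and log lines are constructed for illustration.

```python
import ipaddress

# Constructed example data: interface names are hypothetical and the prefixes
# are documentation ranges (RFC 5737), not values from the thread.
ASSIGNED = {
    "cust-a": ["192.0.2.0/24"],
    "cust-b": ["198.51.100.0/25", "203.0.113.64/26"],
}
NETS = {ifc: [ipaddress.ip_network(p) for p in prefixes]
        for ifc, prefixes in ASSIGNED.items()}

# Constructed packet log: ingress interface, source, destination, proto/port.
SAMPLE_LOG = """\
cust-a 192.0.2.17 203.0.113.70 udp/7
cust-a 10.1.2.3 203.0.113.70 udp/7
cust-b 198.51.100.200 192.0.2.1 tcp/7
cust-b 203.0.113.99 192.0.2.1 tcp/7
cust-c 192.0.2.5 192.0.2.1 udp/7
cust-a not-an-ip 192.0.2.1 udp/7
"""

def permit(interface, src):
    """Ingress rule: forward only if src lies in a prefix assigned to interface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    # Unknown interfaces have no assigned prefixes, so everything is dropped.
    return any(addr in net for net in NETS.get(interface, []))

def apply_filter(log):
    """Return (forwarded, dropped) lists of log lines."""
    forwarded, dropped = [], []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            dropped.append(line)  # malformed record: fail closed
            continue
        interface, src = fields[0], fields[1]
        (forwarded if permit(interface, src) else dropped).append(line)
    return forwarded, dropped

if __name__ == "__main__":
    fwd, drop = apply_filter(SAMPLE_LOG)
    for line in fwd:
        print("FORWARD", line)
    for line in drop:
        print("DROP   ", line)
```

The filter only works where the spoofed packet enters the network: the site receiving the port 7 probes cannot apply it on the sender's behalf.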