[PLUG] nmap, curiosity, and courtesy
Bill Thoen
bthoen at gisnet.com
Fri Sep 17 08:16:01 UTC 2004
On Fri, 17 Sep 2004, Keith Lofstrom wrote:
> The attempted ssh breakins that show up in my logs are getting lengthier
> if not any more successful. I am curious about the machines that are
I'm seeing those too. Same idea as the last wave of attacks; just more
tries on more passwords.
> I can do DNS lookups on them, of course, but I am curious about flavor
> of Linux they are using, etc. Among other things, this comes in handy
> when I am advising others about more vs. less secure versions of Linux.
You want to probe their defences and hack them back to shut 'em down?
IMHO, that would be doing everyone a favor by taking out garbage that's
really beginning to stink.
> I can run nmap against the offending machines, and find out more about
> them, but this seems impolite (Mom said "two wrongs do not make a
> right"), and possibly a source of trouble. What are the opinions here?
They're either criminals or hapless zombies. The former don't deserve a
polite response and the latter simply ought to be put out of their misery.
- Bill Thoen
More information about the PLUG
mailing list