[PLUG] Re: nmap, curiosity, and courtesy (2)

Roderick A. Anderson raanders at acm.org
Fri Sep 17 17:29:01 UTC 2004


On Fri, 17 Sep 2004, Keith Lofstrom wrote:

> I got two replies saying "hack them and shut them down", which is
> illegal.  Please be careful, there are people in jail right now
> who suggested (even in jest) illegal acts on a mailing list, and
> a friend is about to be extradited from Canada for that.  My
> question was about running nmap and investigating the offending
> sites, without penetrating them - does that break any laws, here
> or elsewhere, or cause other bad results - not about going Rambo.  

I personally mutter a lot under my breath and vent around the office when
I see them in my logs.  But my solution has been to put in iptables rules
to reject which tends to suck their connection in for a minute or two.  
   Second line is the allow_users setting in sshd_config.

My plans include adding the iptables tar-pit module to all my systems and
suck them in for several minutes (12-20 if I remember correctly).

Funny thing was last night I couldn't get to one of my systems to demo
some scripts because of these measures.  I'm by no means an expert/guru
(nor do I play one on Reality TV :-) but the simple things work and let me
sleep a little better.

> I am not concerned about oughtas, but real experiences.  I don't need
> my Comcast feed shut down because my own activities look like system
> cracking to their traffic analysis.   When I nmap my own site from
> another, for example, I always inform relevant sysadmins so they
> know what to expect.

I have no qualms about running nmap against a system that is abusing
(intentional or unintentional) my systems.  It should be thought of as
looking out the peep hole in the front door to see who is ringing the bell
or knocking on the door.  (Heck I've got some of them patterned -- and
don't even answer the door.)


Rod
-- 
    "Open Source Software - You usually get more than you pay for..."
     "Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL"

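The layered setup described in the message above (an iptables REJECT or TARPIT rule in front of SSH, plus a user allow-list in sshd_config), as an added example that is not part of the original post. The trusted-address list is an assumption added to avoid the self-lockout the message mentions; the addresses, user names and the SSH_IN chain name are constructed, TARPIT is the target shipped in xtables-addons, and AllowUsers is the sshd_config directive.

```shell
#!/bin/sh
# Added example. Addresses, user names and the SSH_IN chain name are
# constructed placeholders (documentation ranges), not from the post.

# gen_ssh_rules ACTION ADDR...
#   ACTION: REJECT, or TARPIT (a target shipped in xtables-addons)
#   ADDR:   trusted source addresses or CIDRs, matched before ACTION
# Prints an iptables-restore ruleset on stdout; it changes nothing itself.
gen_ssh_rules() {
    action=$1
    [ "$#" -gt 0 ] && shift
    case $action in
        REJECT|TARPIT) ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    # Self-lockout guard: with no trusted address, the final rule would
    # shut the administrator out along with everyone else.
    if [ "$#" -eq 0 ]; then
        echo "refusing to build rules without a trusted address" >&2
        return 1
    fi
    echo "*filter"
    echo ":SSH_IN - [0:0]"
    echo "-A INPUT -p tcp --dport 22 -j SSH_IN"
    # Trusted sources are accepted first; rule order decides the outcome.
    for addr in "$@"; do
        echo "-A SSH_IN -s $addr -j ACCEPT"
    done
    # Everything else that reaches port 22 gets the chosen action.
    echo "-A SSH_IN -p tcp -j $action"
    echo "COMMIT"
}

# gen_allowusers USER...
# Prints the sshd_config line that limits logins to the named accounts.
gen_allowusers() {
    if [ "$#" -eq 0 ]; then
        echo "refusing to emit an empty AllowUsers line" >&2
        return 1
    fi
    echo "AllowUsers $*"
}

# Demo with constructed values: print both layers for review.
gen_ssh_rules TARPIT 192.0.2.10 198.51.100.0/24
gen_allowusers alice deploy
```

iptables-restore replaces the existing filter table unless it is run with `--noflush`, so review the generated rules (for instance with `iptables-restore --test`) before loading them.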




