<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Request for off line security help</TITLE>
<META content="text/html; charset=iso-8859-1" http-equiv=CONTENT-TYPE>
<META content="MSHTML 5.00.2920.0" name=GENERATOR>
<META content=20011111;17584700 name=CREATED>
<META content="Ben Beeson" name=CHANGEDBY>
<META content=20011111;18183300 name=CHANGED></HEAD>
<BODY>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=643245210-12112001>I can
assure you that the reply you got back was totally accurate.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=643245210-12112001>Why?</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=643245210-12112001>Because I work at the company in question, and send out
many</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=643245210-12112001>responses to inquiries like yours.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=643245210-12112001></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=643245210-12112001>This
is the technology we use to deliver content faster than
everyone</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=643245210-12112001>else.</SPAN></FONT></DIV>
<P><FONT size=2><FONT color=#0000ff><FONT face=Arial><SPAN
class=643245210-12112001>You probably went to one of our customers websites and
that is why</SPAN></FONT></FONT></FONT></P>
<P><FONT color=#0000ff><FONT face=Arial><SPAN
class=643245210-12112001></SPAN></FONT></FONT><FONT size=2><FONT
color=#0000ff><FONT face=Arial><SPAN class=643245210-12112001>you would have
gotten the initial port scan. </SPAN></FONT></FONT></FONT><FONT
size=2><FONT color=#0000ff><FONT face=Arial><BR><BR></FONT></FONT></FONT></P>
<BLOCKQUOTE
style="BORDER-LEFT: #0000ff 2px solid; MARGIN-LEFT: 5px; PADDING-LEFT: 5px">
<DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Ben Beeson
[mailto:beesond001@hawaii.rr.com]<BR><B>Sent:</B> Sunday, November 11, 2001
6:19 PM<BR><B>To:</B> Linux & Unix Advocates &
Users<BR><B>Subject:</B> [luau] Request for off line security
help<BR><BR></DIV></FONT>
<P>Aloha all,</P>
<P>My box was recently scanned by someone. I sent a note to the NOC that owned
the IP address and got a curious reply back. To sum up, they are
systematically scanning folks as part of "network intelligence." Stated reason
is to, "optimize performance when your customers access the web resources of
our customers." This guy further goes on to say, "Our network was pinging your
system because it appeared to be a name <BR>server with a sufficient number of
resolution requests for our customer web sites to be placed on the list of
network nodes to be constantly observed for Internet congestion." </P>
<P>I don't know if I believe this just yet, especially since my system is just
a home computer and port 53 is fire-walled closed... It would be one thing if
the port scan were a cursory check to see where my system was, but it also
appears that the port scan checked for a whole bunch of stuff. Now, I am not a
security whiz... If anyone has a few minutes and would volunteer to review the
log extracts and e-mail I would be happy to share it. I don't want to make the
discussion "too public" until some one can help me figure out if the proposed
answer from the scanning NOC is believable. Once I know that, I'll be happy to
share my experience in order to "alert the public" so to speak. </P>
<P>Thanks in advance,</P>
<P>Ben </P>
<P></P>--- You are currently subscribed to luau as:
thecomputerguy@hawaii.rr.com To unsubscribe send a blank email to
$subst('Email.Unsub')</BLOCKQUOTE></BODY></HTML>