<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=iso-8859-1">
<TITLE>Re: [luau] RE: Request for off line security help</TITLE>
<META NAME="GENERATOR" CONTENT="StarOffice/5.2 (Linux)">
<META NAME="CREATED" CONTENT="20011113;21315900">
<META NAME="CHANGEDBY" CONTENT="Ben Beeson">
<META NAME="CHANGED" CONTENT="20011113;21334900">
</HEAD>
<BODY>
<P>Doug,</P>
<P> Thanks for your help also. After Chris' last input, I now believe
I got what "they" thought I wanted... In other words, all is
well in the world today!</P>
<P>Respectfully,</P>
<P>Ben
</P>
<P><BR><BR>
</P>
<P> </P>
<HR>
<P STYLE="margin-bottom: 0in">Original Message dated 11/13/01, 6:29:15
AM</P>
<P STYLE="margin-bottom: 0in">Author: Doug Stanfield
<DOUGS@oceanic.com></P>
<P STYLE="margin-bottom: 0in">Re: [luau] RE: Request for off line
security help:</P>
<HR>
<P><BR><BR>
</P>
<P><FONT SIZE=2>Chris,</FONT>
</P>
<P><FONT SIZE=2>Thanks for this follow up email. You just
redeemed yourself. :-)</FONT>
</P>
<P><FONT SIZE=2>What I know about Digital Island scans: They
never scan the end customer. Their footprint servers number
somewhere between 400 and 500 and they use a synchronization and
randomization algorithm to make sure none of them scan a target
simultaneously. You'd probably see the 400 or so scans spread
over a two hour period. They are supposed to _only_ check the DNS
server of your domain with a few pings. Even this minimal
activity has some in the networking community up in arms. ;-)
They would definitely not dare to port scan a user as you describe.</FONT></P>
<P><FONT SIZE=2>[Chris wrote]</FONT> <BR><FONT SIZE=2>> The IP that
you were scanned from is a customer of ours,</FONT> <BR><FONT SIZE=2>>
Qualys.com. They are a security company that business hire</FONT>
<BR><FONT SIZE=2>> to do comprehensive security screening.</FONT>
</P>
<P><FONT SIZE=2>> I do not know why they were scanning you. It
could be one of</FONT> <BR><FONT SIZE=2>> reasons:</FONT>
</P>
<P><FONT SIZE=2>> 1. Road runner hired them to do an
assessment on their network.</FONT>
</P>
<P><FONT SIZE=2>No. I believe I can speak authoritatively on
this. Road Runner security does all its own scanning. They
scan from a single subnet in their address space. If you point a
web browser at the address that scans you there is an informative
message about the procedure. </FONT>
</P>
<P><FONT SIZE=2>> 2. Someone may have compromised their
network and is doing </FONT><BR><FONT SIZE=2>scans from behind their
firewall.</FONT> <BR><FONT SIZE=2>> 3. Someone in their
company is messing around.</FONT>
</P>
<P><FONT SIZE=2>I vote for one of these. There are some nasty
things floating around the Internet these days. Ben, you were
right to question what was happening.</FONT></P>
<P><FONT SIZE=2>-Doug-</FONT>
</P>
<P>---<BR>You are currently subscribed to luau as:
beesond001@hawaii.rr.com<BR>To unsubscribe send a blank email to
$subst('Email.Unsub')
</P>
</BODY>
</HTML>