ATT BroadBand Port Blocking

[pri.blu at iadonisi.to (Paul Iadonisi)]

On Sat, 2003-02-08 at 23:06, Vince McHugh wrote:

[snip]

>  From this post it seems like the discussion was
> someone from outside of the local network trying to
> use nmap to port scan. 
> 
>  If this is the case there is no way an ISP could know
> that this is one friendly person trying to help out
> another (with no evil intention).

  I doubt any ISP has the time to check to see if anyone is scanning its
customers or if its customers are scanning others.  What will get an
ISPs attention is if someone you are scanning reports you to your ISP. 
Then, you are in deep doo doo.

>  The reason I brought up the issue was because of post
> from another mailing list where an individual had his
> box hacked and ATT shut him down (turned off his
> internet connection) because his box was detected port
> scanning others. He had a H*ll of a time convincing
> ATT to turn his service back on. 

  Right, and it was probably a case where someone whose box was scanned
by his hacked box reported him to his ISP.  Gotta keep those always-on
connections secured and equipped with some IDS for maximum protection.
;-)
  Although I'm not defending AT&T (God forbid), there really is no way
for them to know that this user wasn't doing the scanning himself
instead of it being the result of being hacked.  It shouldn't, however,
be that hard to disconnect the box from all network connections and
gather enough evidence from it to submit to AT&T to prove it was hacked.

>  I'm not looking to start a flame war over this. We're
> all "big boys" with free will. Do as you please. 

  Of course.  But some of us live and die by flame wars (half kidding
;-)).

-- 
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly?  --  Try Linux.
 GPL all the way: Sell services, don't lease secrets