How to make good friends

Fri, 27 Mar 2009

I just wanted to share a quick mail we've received tonight at AlienVault. I'm hiding the user's identity until he grants me permission to disclose it, which I doubt he'll do btw. The mail read as follows:

Subject: Port scan from you guys to my server from 207.158.15.208. Cease and desist.

I installed your ossim product and now you are port scanning my servers? You are scanning [insert FQDN here] servers right now and I am picking it up on my IDS coming from 207.158.15.208. Can you explain why you would be doing this? You had better have a good explanation or I guarantee your company will be written up in all the security publications I write in and I will recommend that nobody ever use your product.

Amazing, ain't it? No previous contact, no double checking, nothing, just going ahead, threatening, menacing and being bold.

Well, here goes the answer. As said, this is my very own opinion and the company (AlienVault) has nothing to do with it. Just for the record, before replying I logged into the above host, checked for unauthorized access, ran several tcpdumps and checked logs on his domain. Clean. Oh, and I'm going to call the user "Hugo" after a big-mouth president with the same name.

Hello Hugo,

have you ever heard about kindness going a long way? Well, it usually works. If you had kindly requested information about this, either on the forums (where hundreds of happy users would've been eager to answer you), on IRC, even on this contact address, I'd have answered with a nice:

"Hey Hugo, no worries, the 1.0.6 iso comes with an automatic, free, Nessus plugin feed which gets checked on a daily basis. Due to the huge amount of users we've got we noticed rsync starting to duplicate itself, launching multiple instances which in turn get denied, provoking some sort of false positives".

I even would've offered you help on sorting it out if that weren't the cause, which I'm pretty sure is.

But... here you come, threatening, menacing with bad manners. So the answer is:

Hugo, I encourage you to post the above mail to all the security publications you write in. I'm sure your mail has the possibility to become one of those long-lasting laughers which will be used as openings in security conferences all over the world for the next few years. Not enough with this, I offer you to also publish it on the ossim forums. I for sure will post it on my blog (no worries, unless you grant me permission to do so I'll hide your name and mail) for other fellow users to comment on it.

And, on top, I offer you a free refund for OSSIM. Oh, wait, you haven't paid a single cent for it...

So please, just deinstall OSSIM right now, that will solve both our problems or I guarantee your name will be written up in all the security publications I write in and I will recommend that nobody ever lets you use their product. I'd feel bad coding OSSIM and knowing that you would benefit from it.

With kind regards,
Dominique Karg

PS: Any views or opinions presented in this email are solely those of the author, that is, me, and do not represent those of the company.

Things like these keep open source developers motivated. *sigh*

Update 2009/03/27: the story goes on.
posted at: 08:34 | path: /personal



