Hi All,

 

This morning I got an interesting email from cirt@ca.go.ke as regards open RDP ports on the network.

 

Now, I’ve got a few questions about this -

 

a.)     Has anyone else had similar reports

b.)    Ports can be open for many reasons – and they sit on private companies machines and companies have the right to firewall or not firewall dependent on a multitude of reasons – why are these being put out as an incident report

c.)     Under what premise does anyone – be they cert or otherwise – have the authority to run scans against private networks and systems – I was under the impression that port scanning private systems was not allowed?

 

I’m kinda concerned here when a report shows up that clearly indicates that targeted scans have been made – particularly since some of the IP addresses in that report are not even inside Kenya and sit on IP addresses belonging to clients who have in no way authorized security scans against themselves.

 

Anyone got any thoughts or comments?

 

Andrew