RE: what should I do when....

["Sergio Castro" <sergio.castro () unicin net>]

Hi Jorge,

My recommendation, other than make sure your public IP systems are properly
hardened, is to do nothing. Continuous scans and brute force login attempts
are the norm on the Internet. For every ISP that pays attention to your
complaints, 10 will ignore you.

- Sergio

-----Mensaje original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En
nombre de Jorge L. Vazquez
Enviado el: Jueves, 03 de Julio de 2008 09:05 p.m.
Para: security-basics;
security-basics-sc.1207759308.halobnafecliebdpegpn-Jlvazquez825=gmail.com@se
curityfocus.com; security focus listbounce
Asunto: what should I do when....

for the last 2 days I've been getting lots of connections attempts on my
firewall logs(ipcop firewall), from a specific ip based in Canada, the log
is showing a
*
*
NEW not SYN?

it seems that someone is trying to initiate a connections, or may be a scan.
Although the good thing is that the firewall is detecting them therefore
stopping them, I'm getting worried of hacker activity, I've already done ip
lookup, and dns whois query both of those point to ip and host in Canada it
seems to be a company as I got their public website and also private
network.....could anyone advice me what's the proper course of actions in
this case?....

thanks
Jorge L. Vazquez
www.pctechtips.org



__________ NOD32 3243 (20080704) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com