Security Incidents mailing list archives
Ok, we've been scanned.. ..now what!
From: "Steven M. Klass" <sklass () ANDIGILOG COM>
Date: Mon, 7 Aug 2000 16:44:53 -0700
Hey all, Well this weekend was a particularly active weekend for the scanners.. It appears that I have been scanned several hundred times by the same moron. What is the proper procedure for telling these idiots to know it off. I mean I know that it is coming from the aol spectrum from a traceroute, so what's next? Do any of you have scripts to deal with this. I was thinking about possibly implementing a dynamic ipchains protocol that sees a scan and after n times blocks that idiot for a week or so, on all ports. Does anyone have such a beast that would like to share that with me? I also thought about more devious things, like nmaping the moron and flooding his available ports.. Fight fire with fire.. Any ideas? Steven M. Klass Physical Design Engineering Manager Andigilog Inc. 7404 W. Detroit Street, Suite 100 Chandler, AZ 85226 Ph: 602-940-6200 ext. 18 Fax: 602-940-4255 sklass () andigilog com http://www.andigilog.com/
Current thread:
- Ok, we've been scanned.. ..now what! Steven M. Klass (Aug 08)
- Re: Ok, we've been scanned.. ..now what! Ben Laws (Aug 09)
- Re: Ok, we've been scanned.. ..now what! Bill Pennington (Aug 09)
- Re: Ok, we've been scanned.. ..now what! Valdis Kletnieks (Aug 09)
- <Possible follow-ups>
- Re: Ok, we've been scanned.. ..now what! Robert Bussey (Aug 09)