Re: Handling Scans.

[Eelco Duijker <e.duijker () ITSEC NL>]

Automated mailers connected to snort or tripwire can be handy, but how
are you going to check which IP-addressses are used as a decoy and which
are actual hostile.

Eelco

abel wisman wrote:
> This matter is interesting, and i was thinking about it upion reading the
> previous posting.
> As a shell/web host, the numbers of scans that pass by daily are staggering,
> certainly i would like to sit down and write to all isp's about their
> 'clients" doing this, however time is a elusive artivle nowadays.
>
> Has (in addition to the question already asked) anybody mae (perhaps) a
> automated system based on for instance iplog, snort or tripwire, where mail
> is generated to do this automatically?
>
> would be an interesting feature
>
> abel wisman
> ABLE Towers LLC
>
> www.able-towers.com
> www.url.org
>
> On Monday 12 February 2001 10:28, Reeves, Mike wrote:
> > I was trying to get some community type feedback on what people usually do
> > in handling scans of thier networks. At home I usually look back at the
> > person scanning me. I get scanned about 5 times a day. Should I take the
> > time to contact the admin or should I just let it go? What do most people
> > do?
> >
> > Mike K. Reeves
> > Networking Services Engineer,
> > Synchrony Communications, Inc.
> > MCSE Microsoft Certified System Eliminator
> > "Geek by nature... Linux By Choice..."

--
Eelco Duijker <mailto:e.duijker () itsec nl>

ITsec Nederland B.V. <http://www.itsec.nl>
Informatiebeveiliging
Exploit & Vulnerability Alerting Service

P.O. box 5120
NL 2000 GC Haarlem
Tel +31(0)23 542 05 78
Fax +31(0)23 534 54 77

--

ITsec Nederland B.V. may not be held liable for the effects or damages
caused by the direct or indirect use of the information or functionality
provided by this posting, nor the content contained within. Use them at
your own risk. ITsec Nederland B.V. bears no responsibility for misuse
of this posting or any derivatives thereof.