Nmap Announce mailing list archives
RE: can/should
From: "Gallicchio, Florindo (2282)" <FGallicchio () netera com>
Date: Wed, 24 May 2000 06:30:21 -0400
Barry: It all depends on what your security policy stipulates. You should go only so far as to meet your security objective. If a port scan is something you consider to be either non-threatening or something that should be monitored only, then you would perhaps log the source address (provided it isn't spoofed), the date, the time, etc. If you're a managed security services (like what my company offers) or some type of business that would require a higher level of vigilance, you would take it further for evidence gathering purposes, at least. Keep in mind that port scanning does not constitute an attack per se. Our clients come under *constant* port scanning, among other types of events. Establish your security baseline, then establish a risk threshhold. Anything above the threshhold should be met with a documented escalation procedure of some sort that meets the requirements of your security baseline. Florindo _________________________ Florindo Gallicchio Director, Managed Security Services esavio www.esavio.com -----Original Message----- From: Barry Hudson To: nmap-hackers () insecure org Sent: 5/23/00 9:35 AM Subject: can/should As a new firewall admin I have a question for the white hats. I log port scans and do a whois to locate the ISP that owns the ip address. My questions is what else can/should be done. I have no other reason to believe they got through or committed any crime. What else are you guys doing? I hope this is not to far off topic. Barry S. Hudson Network Systems Manager Fredericksburg Savings Bank www.fsbnk.com Business Email - bhudson () fsbnk com All Other Email - barryhudson () compuserve com This email is intended for the addressee only. The material may be privileged and confidential information. If you have received this email in error, please notify me immediately by email and delete the original. Thank you.
Current thread:
- can/should Barry Hudson (May 23)
- Re: can/should Mr. Man (May 24)
- Re: can/should Security (May 24)
- Re: can/should Thomas Reinke (May 24)
- Re: can/should Ola Nyström (May 25)
- Re: can/should Jose Nazario (May 24)
- Re: can/should Eric Hancock (May 24)
- Re: can/should Bennett Todd (May 24)
- <Possible follow-ups>
- RE: can/should Gallicchio, Florindo (2282) (May 24)
- RE: can/should Dion Stempfley (May 24)
- RE: can/should Sean Ellis (May 24)
- RE: can/should Crye, Michael (May 24)
- RE: can/should Jonathan Day (May 25)
- Re: can/should John Mee (May 25)