Security Basics mailing list archives

Re: Incident Response


From: "netsec novice" <netsec9 () hotmail com>
Date: Fri, 06 Dec 2002 16:46:36 +0000

By scan I mean trying to ftp, telnet, sunrpc to all of my public addresses sequentially. My general question is just when do I need to do something other than just check my firewall logs for the source address and verify they weren't successful in gaining access anywhere vs. actually reporting an incident.
Thanks for any feedback
N


From: Gene <gyoo () attbi com>
To: netsec novice <netsec9 () hotmail com>
Subject: Re: Incident Response
Date: Thu, 05 Dec 2002 15:23:41 -0800

When you say scanned, what type of scan? If they are doing an intrusive scan, I would go ahead and contact their administrator and explain your concern to him, but make sure you have the data to back it up.

IH really depends on what type.

netsec novice wrote:
Every day we get scanned by various entities and some are more persistent than others. I'm looking for input on when most of you decide to send an e-mail or make contact with the person listed as abuse contact or responsible party according to whois for the source address. Since most are coming from overseas, I haven't bothered, figuring I wouldn't get a response anyway, and was also concerned that initiating contact may make things worse. Scans seem fairly commonplace so I generally don't get alarmed. I'd love to hear about your practices for incident handling.

N








--
Gene Yoo, gyoo () attbi com
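
The firewall-log check described in the thread (group entries by source address, see which of ftp, telnet and sunrpc it tried across the public addresses in sequence, and confirm nothing was allowed through), as an added example that is not part of the original messages. The log line layout, the sample entries and the `summarize` function are constructed for illustration and do not match any particular firewall product.

```python
import ipaddress
import re
from collections import defaultdict

# Services named in the thread, keyed by destination port.
WATCHED = {"21": "ftp", "23": "telnet", "111": "sunrpc"}
# Assumed log layout (constructed for this example):
#   <timestamp> <ACCEPT|DENY> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE = re.compile(r"^\S+ (ACCEPT|DENY) TCP (\S+):\d+ -> (\S+):(\d+)$")

# Constructed sample entries using documentation address ranges.
SAMPLE_LOG = """\
2002-12-05T15:01:02 DENY TCP 203.0.113.7:40112 -> 192.0.2.10:21
2002-12-05T15:01:02 DENY TCP 203.0.113.7:40113 -> 192.0.2.11:21
2002-12-05T15:01:03 ACCEPT TCP 203.0.113.7:40114 -> 192.0.2.12:21
2002-12-05T15:01:04 DENY TCP 203.0.113.7:40115 -> 192.0.2.10:23
2002-12-05T15:01:04 DENY TCP 203.0.113.7:40116 -> 192.0.2.11:23
2002-12-05T15:01:05 DENY TCP 203.0.113.7:40117 -> 192.0.2.12:23
2002-12-05T15:09:40 DENY TCP 198.51.100.23:1033 -> 192.0.2.11:111
2002-12-05T15:10:00 ACCEPT TCP 198.51.100.50:2044 -> 192.0.2.12:80
"""

def summarize(log_text, min_hosts=3):
    # Per source: hosts in first-seen order, services tried, allowed connections.
    per_src = defaultdict(lambda: {"hosts": [], "services": set(), "accepted": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in the assumed layout
        action, src, dst, dport = m.groups()
        if dport not in WATCHED:
            continue  # only the services the thread asks about
        entry = per_src[src]
        addr = ipaddress.ip_address(dst)
        if addr not in entry["hosts"]:
            entry["hosts"].append(addr)
        entry["services"].add(WATCHED[dport])
        if action == "ACCEPT":
            entry["accepted"].append((dst, WATCHED[dport]))
    report = {}
    for src, e in per_src.items():
        hosts = e["hosts"]
        # Sequential sweep: each newly probed address is the previous one plus 1.
        steps = [int(b) - int(a) for a, b in zip(hosts, hosts[1:])]
        report[src] = {
            "hosts": len(hosts),
            "services": sorted(e["services"]),
            "sequential_sweep": len(hosts) >= min_hosts and all(s == 1 for s in steps),
            "accepted": e["accepted"],
        }
    return report
```

A non-empty `accepted` list for a sweeping source is the case where the logs alone no longer show the attempts were unsuccessful, and the matching entries are the data to keep if contact is made.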



