Security Basics mailing list archives
Incident response to being scanned
From: Bob Kelley <b0bk3ll3yjr () adelphia net>
Date: 25 Apr 2003 05:16:05 -0000
In reviewing my firewall and web server logs, I see repeated attempts from several ip addresses to scan my network as well as infect my webserver with code red. The source addresses are not always the same. I am confident that I don't have any holes in my firewall and my webserver is up to date. I perform weekly vulnerability scans of my equipment to make sure I am covered. What is considered the best practice for dealing with these incidents? Should I be filing abuse reports with the ISPs of the source IPs? This obviously takes time. I am looking for a business case to justify the time spent responding. Thanks --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- Incident response to being scanned Bob Kelley (Apr 25)
- RE: Incident response to being scanned David Gillett (Apr 28)
- Re: Incident response to being scanned security () nuvox net (Apr 28)
- <Possible follow-ups>
- RE: Incident response to being scanned Fields, James (Apr 28)
- RE: Incident response to being scanned Allan Schon (Apr 28)
- Re: Incident response to being scanned H Carvey (Apr 28)
- Re: RE: Incident response to being scanned Bob Kelley (Apr 28)
- RE: RE: Incident response to being scanned Security News (Apr 28)
- Re: Incident response to being scanned Paris Stone (Apr 28)
- Re: RE: Incident response to being scanned Frank Gearhart (Apr 29)