Security Incidents mailing list archives
Re: Scans... (was Re: 3 Solaris reboot in 3 days)
From: Ben Laws <ben () ION AS UTEXAS EDU>
Date: Wed, 2 Aug 2000 10:27:02 -0500
Pierre Vandevenne wrote:
What do you think ? What would you do if it was your network ?
Howdy Pierre -- In these hostile times, I do little more than make note of the originating IP & type of probe when my network is scanned. The IP goes on a list which I check to expose repeat offenders. Notification of ISPs due to scanning activity is seemingly futile, and perhaps not appropriate for a single scan. The activity is currently legal, and hopefully will remain so. That doesn't mean it isn't rude :-) Usually I do investigate the originating IP address... if it looks like the system may be compromised and belongs to a specific business, I'll give them a heads up. So far, I haven't had any hackers persistant enough to warrant blocking IPs/netblocks at the router. It's only a matter of time however... ciao, Ben Laws Systems Analyst Hobby-Eberly Telescope UT McDonald Observatory
Current thread:
- Scans... (was Re: 3 Solaris reboot in 3 days) Pierre Vandevenne (Aug 01)
- Re: Scans... (was Re: 3 Solaris reboot in 3 days) mixter (Aug 02)
- Re: Scans... (was Re: 3 Solaris reboot in 3 days) Pierre Vandevenne (Aug 02)
- Re: Scans... (was Re: 3 Solaris reboot in 3 days) Ben Laws (Aug 02)
- Re: Scans... (was Re: 3 Solaris reboot in 3 days) mixter (Aug 02)