Security Incidents mailing list archives
Re: What's the current thinking on portmapper probes?
From: Richard Johnson <rdump () RIVER COM>
Date: Tue, 1 Aug 2000 23:33:39 -0600
At 22:04 -0600 on 07/30/2000, John Pettitt wrote:

> I've had a couple of portmapper probes in the last two days - it's not going to get them anywhere because I don't run portmapper. However I was wondering what the current thinking on this is - is it worth notifying the owners and/or ISP for the source machine?

Many sites appreciate a polite heads-up warning about the scan originating from their neighborhood, if you have the time to send one. 'Sorry to be the bearer of bad news, but you might have a problem...' is a good way to do it.

Just be sure to include details in your report, including timestamps with time zone info and enough log detail to show the scan really happened. Reports like 'you have an intruder on one of your machines but I'm not going to tell you which one or that I really only saw one packet' are useless. ;-)

Richard