Security Incidents mailing list archives

Re: What's the current thinking on portmapper probes?


From: Richard Johnson <rdump () RIVER COM>
Date: Tue, 1 Aug 2000 23:33:39 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 22:04 -0600 on 07/30/2000, John Pettitt wrote:
> I've had a couple of portmapper probes in the last two days - it's not
> going to get them anywhere because I don't run portmapper.  However I was
> wondering what the current thinking on this is - is it worth notifying the
> owners and/or isp for the source machine?


Many sites appreciate a polite heads-up warning about the scan originating
from their neighborhood, if you have the time to send one.  'Sorry to be the
bearer of bad news, but you might have a problem...' is a good way to do it.

Just be sure to include details in your report, including timestamps with time
zone info and enough log detail to show the scan really happened.  Reports
like 'you have an intruder on one of your machines but I'm not going to tell
you which one or that I really only saw one packet' are useless. ;-)


Richard

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2
Comment: www.europarl.eu.int/dg4/stoa/en/publi/166499/execsum.htm

iQA/AwUBOYeysWKSuJuuNAZUEQLIvACeNZKxVY7VolXzYctZHWaJIluSo1QAoKCa
PYgAm8aCskWWKbXKyXZ9EDwn
=DfUZ
-----END PGP SIGNATURE-----

