Security Incidents mailing list archives

Ok, we've been scanned.. ..now what!


From: "Steven M. Klass" <sklass () ANDIGILOG COM>
Date: Mon, 7 Aug 2000 16:44:53 -0700

Hey all,

        Well, this weekend was a particularly active weekend for the scanners..  It
appears that I have been scanned several hundred times by the same
moron.  What is the proper procedure for telling these idiots to knock it
off?  I mean I know that it is coming from the AOL spectrum from a
traceroute, so what's next?  Do any of you have scripts to deal with
this?  I was thinking about possibly implementing a dynamic ipchains
protocol that sees a scan and after n times blocks that idiot for a week or
so, on all ports.  Does anyone have such a beast that would like to share
that with me?  I also thought about more devious things, like nmapping the
moron and flooding his available ports..  Fight fire with fire..  Any ideas?

Steven M. Klass
Physical Design Engineering Manager

Andigilog Inc.
7404 W. Detroit Street, Suite 100
Chandler, AZ 85226
Ph: 602-940-6200 ext. 18
Fax: 602-940-4255

sklass () andigilog com
http://www.andigilog.com/
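
The dynamic blocking idea raised in the message above (count scan hits per source, then drop that source on all ports for a week), sketched as an added example that is not part of the original post. Assumptions: the log lines are constructed and modeled on ipchains `-l` packet logging, a "scan" is taken to mean denied packets to `threshold` distinct ports within `window`, and the names `plan_blocks` and `ipchains_rules` are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modeled on kernel 2.2 ipchains "-l" packet log lines
# (format assumed). Addresses come from documentation ranges.
SAMPLE_LOG = """\
Aug  5 02:11:01 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:21 L=60 S=0x00 I=101 F=0x4000 T=52 SYN (#9)
Aug  5 02:11:04 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4022 192.0.2.10:23 L=60 S=0x00 I=102 F=0x4000 T=52 SYN (#9)
Aug  5 02:11:09 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4023 192.0.2.10:25 L=60 S=0x00 I=103 F=0x4000 T=52 SYN (#9)
Aug  5 02:30:00 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.4:1500 192.0.2.10:80 L=60 S=0x00 I=7 F=0x4000 T=50 SYN (#9)
Aug  5 02:30:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.4:1501 192.0.2.10:80 L=60 S=0x00 I=8 F=0x4000 T=50 SYN (#9)
Aug  5 02:31:00 gw sshd[411]: unrelated line that must be ignored
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: Packet log: input DENY \S+ "
    r"PROTO=\d+ (?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) ")

def plan_blocks(log_text, threshold=3, window=timedelta(minutes=10),
                ban=timedelta(weeks=1), year=2000):
    """Return {source_ip: ban_expiry} for sources that hit `threshold`
    distinct denied ports inside one sliding window."""
    recent, blocks = {}, {}          # src -> [(time, dport)], src -> expiry
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                 # not a denied-packet log line
        # syslog timestamps carry no year, so the caller supplies it
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        if src in blocks and when < blocks[src]:
            continue                 # ban still active, nothing to decide
        hits = [(t, p) for t, p in recent.get(src, []) if when - t <= window]
        hits.append((when, int(m["dport"])))
        recent[src] = hits
        if len({p for _, p in hits}) >= threshold:
            blocks[src] = when + ban # block on all ports until expiry
            recent[src] = []
    return blocks

def ipchains_rules(blocks):
    """Render one all-port DENY rule per banned source."""
    return [f"ipchains -I input -s {ip} -j DENY" for ip in sorted(blocks)]

if __name__ == "__main__":
    for ip, expiry in plan_blocks(SAMPLE_LOG).items():
        print(ip, "blocked until", expiry)
```

The expiry timestamps are what make the ban temporary: a periodic job can compare them to the current time and remove lapsed rules with the matching `ipchains -D input -s <ip> -j DENY`.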

