Security Incidents mailing list archives

A port scan is not an Incident (was No one wants responsibility)


From: Etaoin Shrdlu <shrdlu () deaddrop org>
Date: Tue, 19 Sep 2000 14:04:45 -0700

"Harlan S. Barney, Jr." wrote:

Even though you've received this advice before, from others, I'm still
fool enough to try.

> A few days ago, I received a reply to an intrusion attempt report that I
> sent to a Canadian ISP.  He did not want any more reports (I have sent
> two) as he did not have time and did not care about what his clients
> did.

My sympathy is with the guy at the ISP.

> In browsing through the RR web pages I found that their AUP no longer
> contains any reference to hacking, cracking or other intrusions.

Most of what I've seen from you on this list has been reports from your
copy of BlackICE. Port scans, in and of themselves, do not warrant being
reported as hacking/intrusion attempts. Have a heart, folks. Scanning
might be annoying, but that's it. It's part of being on the net.

> Another report to a Korean bounced back.  They post a contact e-mail
> address, but then never read their mail.

If I were an ISP, I might filter email like yours, and bounce it. I
admit that the Koreans do represent a special problem, but I doubt that
your road runner connection is as interesting to the bad guys (other
than as a mail relay or DoS broadcast machine) as you think.

--
Computer security is an oxymoron.
Prepare for the worst.
                -- Bruce Schneier

