Security Incidents mailing list archives
Re: Re: Attack attempts from 195.86.128.45
From: Benjamin Krueger <benjamin () seattlefenix net>
Date: Wed, 7 May 2003 23:16:12 -0700
* Levinson, Karl (LevinsonK () STARS-SMI com) [030507 22:37]:
In addition to the other suggestions here, have you considered www.mynetwatchman.com and/or www.dshield.org? These are two free services which would let you see if anyone else has seen attacks such as this, as well as automatically notify the relevant ISP [though I agree that this often does not bring satisyfing results]. If you're like most people, you will receive so many of these types of initial scans that you may find yourself unable to respond to each scan personally. Make sure your firewall policy and systems are secure, and be sure to look for connections that were permitted in addition to ones that were dropped.
I should mention, while www.mynetwatchman.com sends email to everyone about abuse, they respond to none. I've gotten quite a few emails from them regarding attacks from an IP address that I no longer use. I changed ISPs and the reverse DNS entry was never changed. Since the reverse DNS entry pointed to my domain, mynetwatchman.com assumed that security@ my domain was the correct place to send attack reports. I've sent them many emails to correct this error (and flaw in their system) but never recieved anything more than a useless automated response. -- Benjamin Krueger ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
Current thread:
- Re: Attack attempts from 195.86.128.45, (continued)
- Re: Attack attempts from 195.86.128.45 KoRe MeLtDoWn (May 06)
- Re: Attack attempts from 195.86.128.45 Jacco Tunnissen (May 07)
- Re: Attack attempts from 195.86.128.45 abuse (May 07)
- Re: Attack attempts from 195.86.128.45 Rune Kristian Viken (May 13)
- Re: Attack attempts from 195.86.128.45 Fred van Engen (May 13)
- Re: Attack attempts from 195.86.128.45 Jacco Tunnissen (May 07)
- Re: Attack attempts from 195.86.128.45 KoRe MeLtDoWn (May 06)
- Re: Attack attempts from 195.86.128.45 Valdis . Kletnieks (May 08)
- Re: Re: Attack attempts from 195.86.128.45 Benjamin Krueger (May 08)