Re: Re: Attack attempts from 195.86.128.45

[Benjamin Krueger <benjamin () seattlefenix net>]

* Levinson, Karl (LevinsonK () STARS-SMI com) [030507 22:37]:
> In addition to the other suggestions here, have you considered
> www.mynetwatchman.com and/or www.dshield.org?  These are two free services
> which would let you see if anyone else has seen attacks such as this, as
> well as automatically notify the relevant ISP [though I agree that this
> often does not bring satisyfing results].
>
> If you're like most people, you will receive so many of these types of
> initial scans that you may find yourself unable to respond to each scan
> personally.  Make sure your firewall policy and systems are secure, and be
> sure to look for connections that were permitted in addition to ones that
> were dropped.

I should mention, while www.mynetwatchman.com sends email to everyone about
abuse, they respond to none. I've gotten quite a few emails from them 
regarding attacks from an IP address that I no longer use. I changed ISPs
and the reverse DNS entry was never changed. Since the reverse DNS entry
pointed to my domain, mynetwatchman.com assumed that security@ my domain
was the correct place to send attack reports.

I've sent them many emails to correct this error (and flaw in their system)
but never recieved anything more than a useless automated response.

-- 
Benjamin Krueger

----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------