Re: Cracking attempt

To: debian-isp@lists.debian.org
Subject: Re: Cracking attempt
From: Sis <sis@helpalert.com>
Date: Sun, 23 Feb 2003 19:33:24 -0800
Message-id: <20030224033324.GA13602@helpalert.com>
In-reply-to: <61874.67.66.8.41.1046054165.squirrel@client.dailydata.net>
References: <61874.67.66.8.41.1046054165.squirrel@client.dailydata.net>

On Sun, Feb 23, 2003 at 08:36:05PM -0600, Rod Rodolico wrote:
> Ok, the other day someone scanned the ports from 3102 to 3230 on my
> server. My firewall picked it up and told me about it. I have the
> originating IP, date/time, etc...
> 
> Question: What do you suggest I do about it? I've already contacted the
> owner of the IP's (cox.net) but really don't know what they will do. I was
> torn between "Gee, the firewall does work" and "I'd love to catch the
> sucker." Have no idea what they were looking for as services lists
> Interbase and Squid in that range.
> 
> Suggestions?

   You mean to tell us that you got port scanned one time? I can't think
of the last day when i wasn't port-scanned on all IP in my ranges.

   In my case they usually do it once. But if they come back and make a
habit of it, then i make a file of their logged scans and send it to
abuse@their-isp with a note.

   Port-scanning - yet another waste of bandwidth.

Reply to:

References:
- Cracking attempt
  - From: "Rod Rodolico" <stargazer@dailydata.net>

Prev by Date: Debian Friendly ISP web page
Next by Date: Re: Cracking attempt
Previous by thread: Cracking attempt
Next by thread: Re: Cracking attempt
Index(es):
- Date
- Thread