Re: Cracking attempt
On Sun, Feb 23, 2003 at 08:36:05PM -0600, Rod Rodolico wrote:
> Ok, the other day someone scanned the ports from 3102 to 3230 on my
> server. My firewall picked it up and told me about it. I have the
> originating IP, date/time, etc...
> Question: What do you suggest I do about it? I've already contacted the
> owner of the IP's (cox.net) but really don't know what they will do. I was
> torn between "Gee, the firewall does work" and "I'd love to catch the
> sucker." Have no idea what they were looking for as services lists
> Interbase and Squid in that range.
You mean to tell us that you got port scanned one time? I can't think
of the last day when i wasn't port-scanned on all IP in my ranges.
In my case they usually do it once. But if they come back and make a
habit of it, then i make a file of their logged scans and send it to
abuse@their-isp with a note.
Port-scanning - yet another waste of bandwidth.