Re: Cracking attempt
Usually if we get such a report, we'll inform the client of their actions.
Most times that discourages them from doing it.
If they do it repeatedly and to many different hosts/IPs, then obviously
there is something going on and we act on that. But rarely would an ISP
disconnect a server or such just for one or two complaints of this sort
(especially since no actual hacking/cracking occurred).
This reminds me of the "Open Relay" test. Some ISPs claimed it was illegal
because they were "intruding" and "testing" their network for
vulnerabilities. Others said that if you have a host on the internet, you
can expect it to be a public system and thus "accessed". Which is right, I
don't know... but every day our servers and networks get probed at least
hundreds of times. Rarely do we take action against the foreign/other ISP
unless someone is REALLY repeatedly hammering a server. Then if no action
is taken we may even block them at the router/switch level.
Hope that helps.
----- Original Message -----
From: "Rod Rodolico" <email@example.com>
Sent: Monday, 24 February, 2003 10:36 AM
Subject: Cracking attempt
> Ok, the other day someone scanned the ports from 3102 to 3230 on my
> server. My firewall picked it up and told me about it. I have the
> originating IP, date/time, etc...
> Question: What do you suggest I do about it? I've already contacted the
> owner of the IP's (cox.net) but really don't know what they will do. I
> torn between "Gee, the firewall does work" and "I'd love to catch the
> sucker." Have no idea what they were looking for as services lists
> Interbase and Squid in that range.
> 1.79 x 10^12 furlongs per fortnight -- it's not just a good idea, it's
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact