Re: Cracking attempt

To: <debian-isp@lists.debian.org>
Subject: Re: Cracking attempt
From: Russell Coker <russell@coker.com.au>
Date: Mon, 24 Feb 2003 08:39:24 +0100
Message-id: <200302240839.24093.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <004c01c2dbcf$53c3a880$cb00a8c0@antivirus8>
References: <61874.67.66.8.41.1046054165.squirrel@client.dailydata.net> <004c01c2dbcf$53c3a880$cb00a8c0@antivirus8>

On Mon, 24 Feb 2003 07:38, Jason Lim wrote:
> Usually if we get such a report, we'll inform the client of their actions.
> Most times that discourages them from doing it.

In any case it's a service to your client - who is the one paying you.  It 
always amazes me that people on the net expect you to take their side against 
one of your clients for something innocent like a bit of portscanning!

> unless someone is REALLY repeatedly hammering a server. Then if no action
> is taken we may even block them at the router/switch level.

That's the only thing to do, if someone is excessively scanning you then you 
block their IP addresses for a while.  Of course you can't be too trigger 
happy with this or you'll end up with half the Internet in your firewall rule 
set...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: Cracking attempt
  - From: Tim Spriggs <tims@fugazi.engr.arizona.edu>

References:
- Cracking attempt
  - From: "Rod Rodolico" <stargazer@dailydata.net>
- Re: Cracking attempt
  - From: "Jason Lim" <maillist@jasonlim.com>

Prev by Date: Re: Cracking attempt
Next by Date: Re: Cracking attempt
Previous by thread: Re: Cracking attempt
Next by thread: Re: Cracking attempt
Index(es):
- Date
- Thread