
i've been port scanned. now what

My packet filter ruleset caught somebody port scanning one of our hosts.
He or she tried to scan a very big port range from TCP 1 up to 32000 (I think
with nmap), but my packet filter denied his/her queries (the kernel
generated 1 MB of log in 3 minutes with the denied packets). I have his/her
IPv4 address, and I would like to ask, what should I do now? I figured out
from the ripe.net whois db that the IP is owned by one of the ISPs from my
country. Is it possible that the scanner cracked the ISP's machine, then
pushed the scan from there?

