i've been port scanned. now what
My packet filter ruleset catched somebody on port scanning one of our host.
He or she tryed to scan a very big port range from tcp 1 up to 32000 (think
with nmap), but my packet filter denied his/her queries (the kernel
generated 1 mb log in 3 minutes with the denied packets). I have his/her
ipv4 address, and i would like to ask, what should i do know? i figured out
from the ripe.net whois db, that the ip is owned by one of the ISP's from my
country, is it possible, that the scanner cracked the isp's machine, then
pushed the scan from there?