Re: i've been port scanned. now what
Nathan E Norman <nnorman@micromuse.com> writes:
[snip]
> Well, that all depends ... do you consider port scanning criminal
> activity or not?
>
> I do not - I think you should view a port scan as a possible indication
> that someone intends to attack you.
Agreed.
> It's also possible that someone is just exploring.
Then they need educating that scanning such a vast range of ports is an
unacceptable definition of `exploring'.
> As a former network administrator I wasn't too worried about portscans
> unless they were followed up with actual connections. I also used
> portscans when needed to discover what users on the network were up to.
Sure, but I hope you didn't let rip with them on other networks or sections
of network over which you didn't have control.
What I'd suggest is that the OP applies a scale to it: a few ports scanned
in succession is not worthwhile waking a net-admin up for; a few ports
scanned multiple times over is getting more interesting; a large range of
points also bumps up the `score'; a repetitive attack on many sensitive
ports (111/tcp, 53/tcp, 21/tcp, you know the sort of thing) would have me
on the 'phone to whoever was listed in `whois`.
> You could always send an email to the ISP in question and ask them what
> they think; whether they want a copy of the logs, etc.
Agreed. By the above scaling system, it could be worse. Still, it's
worthwhile asking `oi you, what's up, d'you mind?' or somesuch.
~Tim
--
Roobarb and Custard let fly |piglet@stirfried.vegetable.org.uk
with their secret weapon. |http://spodzone.org.uk/
Reply to: