RE: i've been port scanned. now what
Well, as a network administrator, I feel thusly:
> -----Original Message-----
> From: piglet@vegetable.org.uk [mailto:piglet@vegetable.org.uk]On Behalf
> Of Tim Haynes
> Subject: Re: i've been port scanned. now what
>
>
> Nathan E Norman <nnorman@micromuse.com> writes:
>
> [snip]
[...]
> Sure, but I hope you didn't let rip with them on other networks
> or sections
> of network over which you didn't have control.
If I get a scathing phone call about someone scanning, say, <1024, one time
through, I'm a gonna be pissed.
> What I'd suggest is that the OP applies a scale to it: a few ports scanned
> in succession is not worthwhile waking a net-admin up for; a few ports
> scanned multiple times over is getting more interesting; a large range of
> points also bumps up the `score'; a repetitive attack on many sensitive
> ports (111/tcp, 53/tcp, 21/tcp, you know the sort of thing) would have me
> on the 'phone to whoever was listed in `whois`.
1-1024 one time through = whatever, dude..
>1024 || (<1024 more than once) = This is more interesting
Poking at specific ports = more interesting
DoS coming from my system = Dammit, you had better wake me up!
> > You could always send an email to the ISP in question and ask them what
> > they think; whether they want a copy of the logs, etc.
>
> Agreed. By the above scaling system, it could be worse. Still, it's
> worthwhile asking `oi you, what's up, d'you mind?' or somesuch.
A polite email at any level would be appreciated, I do agree..
Something along the lines of "Hey, I noticed something funny..."
--
T. Alex Swavely
"So I though to myself, 'if this were the coolest place in the world, would
they have only one pair of rubber party pants?'"
Reply to: