
Re: OT: should i report portscans to ISP?



At 10:40 AM 3/9/02, Juhan Kundla wrote:
Hei!

Firstly, I am a Linux newbie. I have a small network of computers here,
which I have to look after. This network is connected to the Internet via a Debian
woody firewall. This firewall is being portscanned quite often. Those
scans originated from a computer which has the same ISP as me. As far as I
can tell, my firewall has not been compromised in any way. If those
scans were a prelude to some kind of attack, this attack either never took
place or it failed. So my question is: what should I do? Should I report
this to my ISP? Should I block the IP address of the scanner? (This is
probably a bad idea, since we have dynamic IP addresses here.) I don't want to
overreact in any way. I am very new to this network security
administrator field.

If it's from the same ISP, then I would at least let their system admin /
security people know. It might save them from getting their IP space
blacklisted later. If it's not from your ISP's space, then I would ignore it.
If you were to chase down every dial-up / throwaway account out there,
well, don't expect to see your family, your friends, or the inside of your
eyelids ever again. (Then again, if you have a large ISP, like a cable modem
provider, you'd suffer the same problem.)

If it's coming from the ISP's address space, there is a chance that it's the
ISP scanning to see what services you are running. Just make sure you
keep your firewall patched and hole free, and you shouldn't have too many
problems.

Chris
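
Added example, not part of the original messages: a triage script that applies the rule from the reply above (report scans that come from your own ISP's address space, only log the rest) to firewall log lines. The netfilter LOG-style line format, the ISP range (a documentation prefix used as a placeholder), the port threshold and all sample lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: your ISP's address space. 192.0.2.0/24 is a documentation placeholder.
ISP_NETS = [ipaddress.ip_network("192.0.2.0/24")]
SCAN_PORT_THRESHOLD = 5  # assumed cutoff: distinct ports probed before it counts as a scan

def _line(src, dpt):
    # Constructed sample line in netfilter LOG style (not taken from the thread).
    return (f"Mar  9 10:40:00 fw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dpt}")

SAMPLE_LOG = ([_line("192.0.2.77", p) for p in (21, 22, 23, 25, 80, 111)]
              + [_line("198.51.100.9", p) for p in (22, 23, 25, 80, 139)]
              + [_line("203.0.113.5", 80)] * 2
              + ["Mar  9 10:41:00 fw sshd[312]: unrelated line"])

FIELD_RE = re.compile(r"\bSRC=(\S+).*?\bPROTO=(\w+).*?\bDPT=(\d+)")

def triage(lines, isp_nets=ISP_NETS, threshold=SCAN_PORT_THRESHOLD):
    """Return {source: {"ports", "same_isp", "action"}} for scan-like sources."""
    probed = defaultdict(set)
    for line in lines:
        m = FIELD_RE.search(line)
        if not m:
            continue  # not a firewall drop line
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field
        probed[src].add((m.group(2), int(m.group(3))))
    report = {}
    for src, seen in probed.items():
        if len(seen) < threshold:
            continue  # repeated hits on one or two ports are not a scan
        same_isp = any(src in net for net in isp_nets)
        report[str(src)] = {
            "ports": sorted(port for _, port in seen),
            "same_isp": same_isp,
            "action": ("report to ISP abuse/security contact"
                       if same_isp else "log only"),
        }
    return report

if __name__ == "__main__":
    for source, info in triage(SAMPLE_LOG).items():
        print(source, info)
```

Because the addresses are dynamic, a report to the ISP should include the log timestamps so they can map the address to a subscriber.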


