Glen Scott wrote:
>
> Hi all,
>
> Just a quick question- is it worth reporting system scans to the
> relative network owners?
>
> Regards,
>
> Glen
My general rule of thumb for reporting this kind of stuff is when I see
the same IP several times or when its an all out obvious attack / probe.
If they initiate various probes on ALL my ports, I would assume an
attack. If its just a scan and I see their IP once, I make a mental or
physical note of it. If I see it again in a month's time, I report to
proper authorities.
I once had a port scan on my machine for a trojan several times in 3
weeks by the same IP. I reported to the [EMAIL PROTECTED] and was notified a
week later the offending person's account had been terminated after it
was determined by their ISP they were abusing the acct. This was a bit
unusual though, I *Actually* got a response from someone. =)
--
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
