I won't tolerate such activity on nets for which I am responsible; I figure,
why should I blow it off from elsewhere?

FWIW, every administrator I've notified about exploits (including AOL, IBM,
USWest and UUNET) has responded in a positive manner indicating that they do
not tolerate that activity on the part of a customer.

I usually use 'nslookup' and 'whois' to find the ISP and send e-mail to
abuse@site.

-----Original Message-----
From: Joshua Chamas <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, March 18, 1999 2:00 PM
Subject: Netbus Scanner Response ?


Hi,

I'm new to the firewall crowd, and don't know the proper response when
what seem to be wannabe hackers are doing a port scan of your subnet.
In this case it was someone checking port 12345 which seems to be
associated with the win32 trojan/virus NetBus.

Since the kid was coming from AOL, I reported the incident to them,
but what really should be the appropriate response?  I kind of feel
like it was a piece of spam I was reporting with how trivial
the port scan was.  Maybe I need to just accept these incidents
as a natural part of maintaining a firewall?

Thanks,

Joshua
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

