We've found that at least notifying and 'complaining' of the scans or
intrusion attempts can help a site realise they have a compromised machine
or two, so far, out of 8 notifications this week 4 have been confirmed, or
at least claimed to have been compromised.
Thanks,
Ron DuFresne
On Fri, 7 Jul 2000, Michele M. Jordan wrote:
> Well, policy is a strong word, but I review the firewall logs each morning, and
>anything that catches my attention gets an email to the administrator/security of the
>offending domain. Repeat offenses typically include a cc to the upstream provider.
>
> I get a variety of responses to my emails, from totally ignoring them to just this
>morning I got a phone call from someone. Sometimes they don't know they have a
>problem, or can't trace the problem, and I send firewall log entries to help.
>There's one company "mapping the Internet" that I've notified several times, at
>increasing levels of hostility. They just apologize for any inconvenience, but then
>the next day is another scan.....
>
> My $0.02, and worth both pennies to you I'm sure... :)
>
> -Michele
>
> declan mckibben wrote:
>
> > Hi
> >
> > Do you folk exercise a particular policy for intrusion attempts, port
> > scanning and the like? Do you ignore it, report it to an ISP, some other
> > group etc?
> >
> > I am the firewall admin where I work and am working off a policy meshed
> > from the IT Security Cookbook and some of the publications at Sans.
> >
> > Comments would be very welcome.
> >
> > Regards
> >
> > --
> > Declan McKibben
> > Project Manager
> > IT Development
> > RTE
> > Donnybrook
> > Dublin 4
> > Ireland
> >
> > t +353-1-2083698
> > f +353-1-2083080
> > e [EMAIL PROTECTED]
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
