If you have the source IP address, goto http://combat.uxn.com and look the
owner up.
Email the ISP that holds that (block of) address(es), and write that if the
port scanning
continues, the legal procedings will commence. They will usually do
something about it.
If the hacker knows what they are doing, you may not have much luck.
> ----------
> From: Charles Luo[SMTP:[EMAIL PROTECTED]]
> Sent: 15 December 2000 11*40
> To: [EMAIL PROTECTED]
> Subject: How to keep port scannings away?
>
> hi, guys
>
> A few days ago, I installed snort-1.3.6 on one of my company LAN machines.
> By checking log files daily, I found that our firewalls are scanned 3-4
> times daily, . Some of them scan normal ports, such as 80, 8080, 111; but
> some of them scan ports like 1243, 21, 22, 1080 etc . I suppose that the
> people scan the later ones could have some tendencies in mind.
>
> So, can anyone suggest me how to keep those scannings away ? If it is
> unavoidable, what I should do in order to reduce the damage as lower as
> possible?
>
> Thank you in advance,
> Charles
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
