Unless the network is lying to me again, Martin said:
> You're right, you can't do anything about port scans. Besides which,
> checking to see if someone's doorknob is unlocked isn't strictly
> illegal, and it's hard to show that someone port scanning is more
> intrusive than that.
What you *CAN* do, however, is look where the scans are coming from.
If they are from a dialup (guessed via hostnames) or cablemodem systems
(same guess), I let them go. However, when I'm scanned from what *SHOULD*
be a secure system (again, based on hostname), I do whatever I can to
contact the person running the host.
I've come across several UNIX (primarily Linux) boxes that were compromised
and then used to mount large-scale scans. A bit of detective work was able
to find the appropriate contacts and get the boxes locked down, cleaned,
upgraded, removed, or whatever was appropriate.
A bit more detective work (depending on the interest of the person that was
compromised), and you may even be able to find out who did it, and prosecute
them for getting into the system in question.
AlanC
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
