Hi, gang.

I'm looking for help/critique here. Please fire away at will.

We just came under a DNS/TCP scan from host 63.72.190.60. The scan went sequentially through every IP across two disparate netblocks.

Immediate response was to completely block this IP at the FW.

Next step is to look up (NSI) and contact the ISP for this address. Problem is that NSI shows "[No name]" for this IP, and I cannot seem to locate a responsible party.

My next thought is to traceroute/ping-R and find the one-upstream vendor and contact their abuse department (assuming they have one), but that could be construed as scanning the other network (which could get us in trouble).

What to do?

(Incidentally, I'm the CEO/SysAdmin/Network-guy/Janitor, so all my options are open as to representing the corporation.)

I receive only the digest, so please cc replies to myself, and I will try to respond.

Thanks!
-jb
