OK, calm down.
First up - there's no need to mail firewalls-owner with this. That address
is only for administrative contact, not general questions.
It _looks_ like you've had someone on your network try and scan someone
else's network. AUNIC suggests that network belongs to the IAP Group, who
were an ISP in Western Australia (go aussie!). Sadly, my cursory webgrepping
indicates that IAP went broke in 1997 owing $900k to creditors, so I'm a bit
puzzled.
Whoever sent you that message needs to:
a) Relax.
b) Try and include UTC timestamps in logs
c) Read about 'IP Spoofing' and 'Bounce Scans'
In short, there is no proof that this scan originated from your network. It
may have done, but there is a great deal of investigation required to
establish that. In any case, in most sensible legal systems, no action is
warranted or permissible for a one-off port scan. Tell them to get back to
you if there is an actual breakin.
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 20, 2001 4:44 PM
> Cc: Firewalls (E-mail); [EMAIL PROTECTED]; reda hicham
> Subject: Re: Sniffers
>
>
>
> This has been sent to us and I can't figure out how it happened and how am
> I going to solve the issue. Any help?
>
> -
>
> >You have a user that is abusing their access and probing our networks.
> >Unless I receive immediate confirmation of corrective actions against
> >this person, your IP address range will be blocked from all of our
> >networks.
>
> Apr 18 22:14:39 mmfw 8589: 4w0d: %SEC-6-IPACCESSLOGP: list 100 denied tcp 202.58.243.18(1527) -> 208.23.208.49(53), 1 packet
> Apr 18 22:14:40 mmfw 8590: 4w0d: %SEC-6-IPACCESSLOGP: list 100 denied tcp 202.58.243.18(1536) -> 208.23.208.58(53), 1 packet
> [we get the idea...]
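An added example, not part of the original message: a parser for the `%SEC-6-IPACCESSLOGP` lines quoted in the thread that groups the denied packets by claimed source and destination port, and shows how the same syslog stamp maps to different UTC times. The year and the UTC offsets passed to `to_utc` are assumptions, since the log lines carry neither.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# The two log lines quoted in the thread, unwrapped to one line each.
SAMPLE = (
    "Apr 18 22:14:39 mmfw 8589: 4w0d: %SEC-6-IPACCESSLOGP: list 100 denied "
    "tcp 202.58.243.18(1527) -> 208.23.208.49(53), 1 packet\n"
    "Apr 18 22:14:40 mmfw 8590: 4w0d: %SEC-6-IPACCESSLOGP: list 100 denied "
    "tcp 202.58.243.18(1536) -> 208.23.208.58(53), 1 packet\n"
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) .*?"
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse(text):
    """Return one dict per IPACCESSLOGP line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "count"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records

def summarise(records):
    """Map (src, proto, dport) to the sorted distinct destinations seen.
    src is only the address written in the packet header, not proof of origin."""
    groups = defaultdict(set)
    for r in records:
        groups[(r["src"], r["proto"], r["dport"])].add(r["dst"])
    return {k: sorted(v) for k, v in groups.items()}

def to_utc(ts, year, utc_offset_hours):
    """The syslog stamp has no year or zone, so both are caller-supplied guesses."""
    local = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    zone = timezone(timedelta(hours=utc_offset_hours))
    return local.replace(tzinfo=zone).astimezone(timezone.utc)

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(summarise(recs))
    for offset in (-5, 8):  # assumed offsets, to show the ambiguity
        print(offset, to_utc(recs[0]["ts"], 2001, offset).isoformat())
```

With the two assumed offsets the first entry lands thirteen hours apart in UTC, which is the gap a recipient has to close before matching these lines against their own logs.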