> So what I was wondering is what are the rules of net etiquette about port
> scans. In short, how do others perceive and react to them?
>
I read most of the book "Hacking Exposed". It's basically a general book on how to
hack and how
to prevent yourself from being hacked. They gave the general rule for port scans to
be the following (which I think is
just mostly common sense, nothing mind boggling):
If you get a port scan from someone just once, then don't do anything because you
don't have any grounds to get them
on anything. But, if the same IP address shows up over and over in your logs, then
start to take some action. If you see
any other log entries from their IP, such as failed login attempts from that IP (for
example), then I would report it
to your network security team at work (if you have one). This means that someone has
scanned your ports and is trying
different things to get in to your computer. If you don't have a security team, then
you can try banning that IP from
every listening port. There is some wrapper, I believe it's called TCPD that handles
most of your socket connections for
you, and allows you to ban IP's.
I think it's mostly a per IP basis.
Warren
--
Warren Mansur
email: [EMAIL PROTECTED]
phone: 603-884-5435
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
