Security Basics mailing list archives
Re: Incident Response
From: "netsec novice" <netsec9 () hotmail com>
Date: Fri, 06 Dec 2002 16:46:36 +0000
By scan I mean trying to ftp, telnet, sunrpc to all of my public addresses sequentially. My general question is just when do I need to do something other than just check my firewall logs for the source address and verify they weren't successful in gaining access anywhere vs. actually reporting an incident.
Thanks for any feedback N
From: Gene <gyoo () attbi com> To: netsec novice <netsec9 () hotmail com> Subject: Re: Incident Response Date: Thu, 05 Dec 2002 15:23:41 -0800when you say scanned, what type of scan? if they are doing intrusive scan, i would go ahead and contact their administrator and explain to him about your concern, but make sure you have the data to back it up.IH really depends on what type. netsec novice wrote:Every day we get scanned by various entities and some are more persistent than others. I'm looking for input on when most of you decide to send an e-mail or make contact with the person listed as abuse contact or responsible party according to whois for the source address. Since most are coming from overseas I haven't bothered figuring I wouldn't get a response anyway and was also concerned that initiating contact may make things worse. Scans seem fairly commonplace so I generally don't get alarmed. I'd love to hear about your practices for incident handling.N _________________________________________________________________Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail-- Gene Yoo, gyoo () attbi com
_________________________________________________________________Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
Current thread:
- Incident Response netsec novice (Dec 05)
- <Possible follow-ups>
- Re: Incident Response netsec novice (Dec 06)
- Re: Incident Response H C (Dec 09)
- Re: Incident Response Chris Berry (Dec 10)
- Re: Incident Response Byrne Ghavalas (Dec 10)
- Re: Incident Response Meritt James (Dec 11)
- Re: Incident Response Byrne Ghavalas (Dec 10)