Security Basics mailing list archives
Re: Incident Response
From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 09 Dec 2002 13:25:32 -0800
From: H C <keydet89 () yahoo com> > My general question is just when do I need to do > something other than just check my firewall logs for > the source address and verify they weren't successful in > gaining access anywhere vs. actually reporting an > incident. Why do anything? The general sense is that the return doesn't really justify the time required to report such things. So, if the scans are unsuccessful, why bother with them at all? Seems like a colossal waste of time...
You could write a script to automatically scan them back, if they know you're watching they'll probably be less interested in messing with you.
Chris Berry compjma () hotmail com Systems Administrator JM Associates "Live dangerously, overclock your servers." _________________________________________________________________Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
Current thread:
- Incident Response netsec novice (Dec 05)
- <Possible follow-ups>
- Re: Incident Response netsec novice (Dec 06)
- Re: Incident Response H C (Dec 09)
- Re: Incident Response Chris Berry (Dec 10)
- Re: Incident Response Byrne Ghavalas (Dec 10)
- Re: Incident Response Meritt James (Dec 11)
- Re: Incident Response Byrne Ghavalas (Dec 10)