Security Basics mailing list archives
Re: Incident response to being scanned
From: H Carvey <keydet89 () yahoo com>
Date: 27 Apr 2003 11:39:43 -0000
In-Reply-To: <20030425051605.5458.qmail () www securityfocus com>
What is considered the best practice for dealing with
these incidents?
Should I be filing abuse reports with the ISPs of the
source IPs? This
obviously takes time. I am looking for a business
case to justify the
time spent responding.
If you're being scanned, that just means that you're connected to the Internet. The fact that the scans are not successful, and are being dropped, is a good thing. I guess my question is why would you waste time following up on each and every scan? Perhaps the reason you're having trouble developing a business case for this investment of time and energy is that...well, there isn't one. I followed up on a Nimda scan...once. But that's b/c the same IP kept showing up in my logs for three consecutive days. Other than that...forget it. Harlan --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- Incident response to being scanned Bob Kelley (Apr 25)
- RE: Incident response to being scanned David Gillett (Apr 28)
- Re: Incident response to being scanned security () nuvox net (Apr 28)
- <Possible follow-ups>
- RE: Incident response to being scanned Fields, James (Apr 28)
- RE: Incident response to being scanned Allan Schon (Apr 28)
- Re: Incident response to being scanned H Carvey (Apr 28)
- Re: RE: Incident response to being scanned Bob Kelley (Apr 28)
- RE: RE: Incident response to being scanned Security News (Apr 28)
- Re: Incident response to being scanned Paris Stone (Apr 28)
- Re: RE: Incident response to being scanned Frank Gearhart (Apr 29)