Security Incidents mailing list archives
Re: Ok, we've been scanned.. ..now what!
From: Robert Bussey <robert () PCIWIZ COM>
Date: Tue, 8 Aug 2000 13:58:23 -0400
So goes life on the Internet. I would assume that many other on your IP block were scanned as well. That's what people do. Sometimes, usually the weekend, people will scan entire classes of IP addresses. My advice is to not get your panties up in a ball and simply disregard these as mischievous probes. Worry about it if they start trying to penetrate your network. I'm sure (hopefully) you have plenty of other things to worry about than some script kiddies wacked out on Jolt and Ding Dongs. -----Original Message----- From: Steven M. Klass [mailto:sklass () ANDIGILOG COM] Sent: Monday, August 07, 2000 7:45 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Ok, we've been scanned.. ..now what! Hey all, Well this weekend was a particularly active weekend for the scanners.. It appears that I have been scanned several hundred times by the same moron. What is the proper procedure for telling these idiots to know it off. I mean I know that it is coming from the aol spectrum from a traceroute, so what's next? Do any of you have scripts to deal with this. I was thinking about possibly implementing a dynamic ipchains protocol that sees a scan and after n times blocks that idiot for a week or so, on all ports. Does anyone have such a beast that would like to share that with me? I also thought about more devious things, like nmaping the moron and flooding his available ports.. Fight fire with fire.. Any ideas? Steven M. Klass Physical Design Engineering Manager Andigilog Inc. 7404 W. Detroit Street, Suite 100 Chandler, AZ 85226 Ph: 602-940-6200 ext. 18 Fax: 602-940-4255 sklass () andigilog com http://www.andigilog.com/
Current thread:
- Ok, we've been scanned.. ..now what! Steven M. Klass (Aug 08)
- Re: Ok, we've been scanned.. ..now what! Ben Laws (Aug 09)
- Re: Ok, we've been scanned.. ..now what! Bill Pennington (Aug 09)
- Re: Ok, we've been scanned.. ..now what! Valdis Kletnieks (Aug 09)
- <Possible follow-ups>
- Re: Ok, we've been scanned.. ..now what! Robert Bussey (Aug 09)