nanog mailing list archives
Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx
From: Greg Poirier <poirierg () corp earthlink net>
Date: Fri, 26 Oct 2001 16:22:41 -0400
On Fri, Oct 26, 2001 at 12:57:55PM -0700, Adam McKenna wrote:
I think that Alex's point is that if you want to *really* have a secure network, you can't do it by sending out automated mails every time a stray packet hits your network. That's likely to cause way more annoyance than any good it could possibly do. A much more effective way of proceeding would be to have a person looking at each and every incident, deciding whether it merits a notice to the offending network, and then sending a personal, non-threatening mail. --Adam -- Adam McKenna <adam () flounder net> | GPG: 17A4 11F7 5E7E C2E7 08AA http://flounder.net/publickey.html | 38B0 05D0 8BF7 2C6D 110A
Now I think that might be a bit much.. but you are right.. Sending out e-mails like this is rather annoying. Instead of reporting every little http request, maybe filter it so that only very suspicious ports are reported? Not that they're here to hear advice, but it's the thought that counts. -- Greg Poirier System Administrator EarthLink, Inc. Multi-Function Engineering (404) 748-7106 Atlanta, GA
Current thread:
- EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Alex Rubenstein (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Valdis . Kletnieks (Oct 26)
- RE: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Vivien M. (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Dan Hollis (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Alex Rubenstein (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Christopher A. Woodfield (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Alex Rubenstein (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Adam McKenna (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Greg Poirier (Oct 26)
- <Possible follow-ups>
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Dan Hollis (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Alex Rubenstein (Oct 26)
- Re: EXAMPLE: ### xxx Canada detected a penetration attempt from 209.123.x.229. Incident# xxxx Simon Lockhart (Oct 26)