Snort mailing list archives
Re: Firing off Abuse email based on Snort Traffic
From: Skip Carter <skip () taygeta com>
Date: Thu, 29 May 2003 18:45:00 -0700
How do other administrators handle genuine attacks and Portscans from International sources?
Persistant portscans we generally respond to by black holing the address or network at the border routers or firewalls. Other attacks tend to get more attention; it helps if you can engage the assistance of security admins from other Internet locations (we once got the assistance of the US Air Force when one of our investigations and theirs inadvertently crossed paths; they were a great help in shutting down some Korean attacks!). BTW: is anybody else seeing slow scans (3 or 4 addresses per day) apparently coming from Cuba ? Skip -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skip () taygeta com 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940 ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
- Re: Firing off Abuse email based on Snort Traffic Matt Kettler (May 29)
- RE: Firing off Abuse email based on Snort Traffic Chris (May 29)
- RE: Firing off Abuse email based on Snort Traffic dave (May 29)
- Re: Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
- Re: Firing off Abuse email based on Snort Traffic Erek Adams (May 29)
- Re: Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
- Re: Firing off Abuse email based on Snort Traffic Skip Carter (May 29)
- Re: Firing off Abuse email based on Snort Traffic Budi Rahardjo (May 29)
- Re: Firing off Abuse email based on Snort Traffic Michael H. Warfield (May 29)
- RE: Firing off Abuse email based on Snort Traffic Chris (May 29)
- Re: Firing off Abuse email based on Snort Traffic Matt Kettler (May 29)
- Re: [OT] Firing off Abuse email based on Snort Traffic Matt Howell (May 30)
- Re: [OT] Firing off Abuse email based on Snort Traffic james (May 30)
- <Possible follow-ups>
- RE: Firing off Abuse email based on Snort Traffic bmcdowell (May 29)