Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Firing off Abuse email based on Snort Traffic

From: Skip Carter <skip () taygeta com>
Date: Thu, 29 May 2003 18:45:00 -0700



How do other administrators handle genuine attacks and Portscans from
International sources?


  Persistant  portscans we generally respond to by black holing the address
  or network at the border routers or firewalls.  Other attacks tend to get
  more attention; it helps if you can engage the assistance of security
  admins from other Internet locations (we once got the assistance of the
  US Air Force when one of our investigations and theirs inadvertently crossed
  paths; they were a great help in shutting down some Korean attacks!).


  BTW: is anybody else seeing slow scans (3 or 4 addresses per day) apparently
  coming from Cuba ?



Skip

  

-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip () taygeta com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            













-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: