OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Scans... (was Re: 3 Solaris reboot in 3 days)
From: Ben Laws (benION.AS.UTEXAS.EDU)
Date: Wed Aug 02 2000 - 10:27:02 CDT

Pierre Vandevenne wrote:
>
> What do you think ? What would you do if it was your network ?
>

Howdy Pierre --

In these hostile times, I do little more than make note of the
originating IP & type of probe when my network is scanned. The IP goes
on a list which I check to expose repeat offenders. Notification of
ISPs due to scanning activity is seemingly futile, and perhaps not
appropriate for a single scan. The activity is currently legal, and
hopefully will remain so. That doesn't mean it isn't rude :-) Usually
I do investigate the originating IP address... if it looks like the
system may be compromised and belongs to a specific business, I'll give
them a heads up. So far, I haven't had any hackers persistant enough to
warrant blocking IPs/netblocks at the router. It's only a matter of
time however...

ciao,
Ben Laws
Systems Analyst
Hobby-Eberly Telescope
UT McDonald Observatory