Nathan E Norman <[EMAIL PROTECTED]> writes: [snip] > Well, that all depends ... do you consider port scanning criminal > activity or not? > > I do not - I think you should view a port scan as a possible indication > that someone intends to attack you.
Agreed. > It's also possible that someone is just exploring. Then they need educating that scanning such a vast range of ports is an unacceptable definition of `exploring'. > As a former network administrator I wasn't too worried about portscans > unless they were followed up with actual connections. I also used > portscans when needed to discover what users on the network were up to. Sure, but I hope you didn't let rip with them on other networks or sections of network over which you didn't have control. What I'd suggest is that the OP applies a scale to it: a few ports scanned in succession is not worthwhile waking a net-admin up for; a few ports scanned multiple times over is getting more interesting; a large range of points also bumps up the `score'; a repetitive attack on many sensitive ports (111/tcp, 53/tcp, 21/tcp, you know the sort of thing) would have me on the 'phone to whoever was listed in `whois`. > You could always send an email to the ISP in question and ask them what > they think; whether they want a copy of the logs, etc. Agreed. By the above scaling system, it could be worse. Still, it's worthwhile asking `oi you, what's up, d'you mind?' or somesuch. ~Tim -- Roobarb and Custard let fly |[EMAIL PROTECTED] with their secret weapon. |http://spodzone.org.uk/