Well, as a network administrator, I feel thusly: > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf > Of Tim Haynes > Subject: Re: i've been port scanned. now what > > > Nathan E Norman <[EMAIL PROTECTED]> writes: > > [snip] [...] > Sure, but I hope you didn't let rip with them on other networks > or sections > of network over which you didn't have control.
If I get a scathing phone call about someone scanning, say, <1024, one time through, I'm a gonna be pissed. > What I'd suggest is that the OP applies a scale to it: a few ports scanned > in succession is not worthwhile waking a net-admin up for; a few ports > scanned multiple times over is getting more interesting; a large range of > points also bumps up the `score'; a repetitive attack on many sensitive > ports (111/tcp, 53/tcp, 21/tcp, you know the sort of thing) would have me > on the 'phone to whoever was listed in `whois`. 1-1024 one time through = whatever, dude.. >1024 || (<1024 more than once) = This is more interesting Poking at specific ports = more interesting DoS coming from my system = Dammit, you had better wake me up! > > You could always send an email to the ISP in question and ask them what > > they think; whether they want a copy of the logs, etc. > > Agreed. By the above scaling system, it could be worse. Still, it's > worthwhile asking `oi you, what's up, d'you mind?' or somesuch. A polite email at any level would be appreciated, I do agree.. Something along the lines of "Hey, I noticed something funny..." -- T. Alex Swavely "So I though to myself, 'if this were the coolest place in the world, would they have only one pair of rubber party pants?'"