Often, hacking activity from a site is evidence that they've been
compromised. I had a situation just this month where an attack from a
site turned out to have come from a compromised host. Sites probably
appreciate hearing about these kinds of things for that reason.
-Jason
On Thu, 18 Mar 1999, Gary Maltzen wrote:
> Date: Thu, 18 Mar 1999 15:22:54 -0600
> From: Gary Maltzen <[EMAIL PROTECTED]>
> To: Joshua Chamas <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: Re: Netbus Scanner Response ?
>
> I won't tolerate such activity on nets for which I am responsible; I figure
> why should I blow it off from elsewhere.
>
> FWIW, every administrator I've notified about exploits (including AOL, IBM,
> USWest and UUNET) has responded in a positive manner indicating that they do
> not tolerate that activity on the part of a customer.
>
> I usually use 'nslookup' and 'whois' to find the ISP and send e-mail to
> abuse@site.
>
> -----Original Message-----
> From: Joshua Chamas <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Thursday, March 18, 1999 2:00 PM
> Subject: Netbus Scanner Response ?
>
>
> Hi,
>
> I'm new to the firewall crowd, and don't know the proper response when
> what seems to be wannabe hackers doing a port scan of your subnet.
> In this case it was someone checking port 12345 which seems to be
> associated with the win32 trojan/virus NetBus.
>
> Since the kid was coming from AOL, I reported the incident to them,
> but what really should be the appropriate response. I kind of feel
> like is was a piece of spam I was reporting with how trivial
> the port scan was. Maybe I need to just accept these incidences
> as a natural part of maintaining a firewall ?
>
> Thanks,
>
> Joshua
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
