I'm sure that everyone on this list from time-to-time sees
hacking attempts such as port scans, or scans of ranges of
IP's on a specific port in their firewall logs.
What is your typical response to this kind of activity? I know
about tracking down owners of IP's, etc with whois and the
Internic DB, but what do you do once you get that
information?
A lot of this list is dedicated to stopping the hacking
attempts, but not much has been said on what to do
afterwards.
Dan Lenhard
Systems Administrator
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
