At 08:31 AM 7/19/99 -0500, Dan wrote:
>I'm sure that everyone on this list from time-to-time sees
>hacking attempts such as port scans, or scans of ranges of
>IP's on a specific port in their firewall logs.
>
>What is your typical response to this kind of activity? I know
>about tracking down owners of IP's, etc with whois and the
>Internic DB, but what do you do once you get that
>information?
>
>A lot of this list is dedicated to stopping the hacking
>attempts, but not much has been said on what to do
>afterwards.
I always send something out to the Network Admin because it can tell them
that they have a compromised system or that they have a user leaning to the
dark side of the force. Sometimes they even write back to me, and on some
occasions, they have actually thanked me.
-- Joe
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
