Depends on your policy. I report to my ISSO (Information Systems Security Officer) who forwards the incident to our CERT, who then handles it after that. I would suggest that you have a talk with management on how best to handle such incidents. I would think that since you are commercial you would contact CERT and work with them. Regards, Dennis Keller Network Security Administrator DDSP-Z [EMAIL PROTECTED] > -----Original Message----- > From: Dan <[EMAIL PROTECTED]> at internet01 > Sent: Monday, July 19, 1999 8:31 AM > To: [EMAIL PROTECTED] at internet01 > Subject: Response to hack attempt? > > > I'm sure that everyone on this list from time-to-time sees > hacking attempts such as port scans, or scans of ranges of > IP's on a specific port in their firewall logs. > > What is your typical response to this kind of activity? I know > about tracking down owners of IP's, etc with whois and the > Internic DB, but what do you do once you get that > information? > > A lot of this list is dedicated to stopping the hacking > attempts, but not much has been said on what to do > afterwards. > > Dan Lenhard > Systems Administrator > [EMAIL PROTECTED] > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > >
BEGIN:VCARD VERSION:2.1 N:Keller;Dennis FN:Keller Dennis (DDSP) ORG:DDC;DDSP NOTE:ASCE-ZW ADR;WORK:;DDSP-Z LABEL;WORK:DDSP-Z EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:19990603T143455Z END:VCARD
