Forward the logs of the attempt to the ISP contact (often there will be an
[EMAIL PROTECTED] address for such things). Make sure your logs have a timestamp, and
include your timezone with it. Also, include a little note describing what the
would-be hacker was trying to do to you, just in case the abuse contact or admins of
the ISP are not as astute at hacker activites as you.
Stacy Brown
Network Business Unit / Security Team
Acxiom Corp.
> -----Original Message-----
> From: Dan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 19, 1999 8:32 AM
> To: [EMAIL PROTECTED]
> Subject: Response to hack attempt?
>
>
> I'm sure that everyone on this list from time-to-time sees
> hacking attempts such as port scans, or scans of ranges of
> IP's on a specific port in their firewall logs.
>
> What is your typical response to this kind of activity? I know
> about tracking down owners of IP's, etc with whois and the
> Internic DB, but what do you do once you get that
> information?
>
> A lot of this list is dedicated to stopping the hacking
> attempts, but not much has been said on what to do
> afterwards.
>
> Dan Lenhard
> Systems Administrator
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
