Last time I checked, scanning or probing a system for security flaws, isn't
illegal (at least in this state it isn't).
So the only thing you can do is let the ISP know that the activity is going
on. Try to include the date, time and IP address so they can look up the
user in their RADIUS accounting log (assuming they use accounting). I'd
encourage every one to do this everytime they see a problem because I
believe (and I am not a attorney so check this out with yours) it is
possible to hold the ISP liable for damages their subscriber do if they knew
about the activity and did nothing to correct it.
> -----Original Message-----
> From: Dan [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, July 19, 1999 6:32 AM
> To: [EMAIL PROTECTED]
> Subject: Response to hack attempt?
>
> I'm sure that everyone on this list from time-to-time sees
> hacking attempts such as port scans, or scans of ranges of
> IP's on a specific port in their firewall logs.
>
> What is your typical response to this kind of activity? I know
> about tracking down owners of IP's, etc with whois and the
> Internic DB, but what do you do once you get that
> information?
>
> A lot of this list is dedicated to stopping the hacking
> attempts, but not much has been said on what to do
> afterwards.
>
> Dan Lenhard
> Systems Administrator
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
