In "Building Internet Firewalls" (O'Reilly & Associates, Inc.)
there is a whole chapter about "reaction".
(The very first rule is: Don't panic! ;-)

---Oliver

----- Original Message -----
From: "Michael E. Cummins" <[EMAIL PROTECTED]>
To: "Firewalls Mailing List" <[EMAIL PROTECTED]>
Sent: Friday, February 18, 2000 1:25 AM
Subject: Update: Someone is scanning me right now

(...)
> I suppose the proper reaction would be to:
>
> 1.  Perform a traceroute to establish the last hop before the offender.
> 2.  Perform a reverse lookup on this node expecting to yield an ISP or some
> other form of connection.
> 3.  Run a whois on the results to obtain information on the node.
> 4.  Use this info to contact the appropriate authorities.
>
> If anyone can add to this, please do!  I would love to write a standard set
> of "reaction rules" to this type of intrusion (or attempted intrusion)
(...)
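
The four steps quoted above, sketched as a shell script (an added example, not part of either message). The traceroute and whois text is constructed with documentation addresses, and the function names are hypothetical; the live mode assumes traceroute, host and whois are installed.

```shell
#!/bin/sh
# Constructed `traceroute -n` output; addresses are RFC 5737 documentation ranges.
SAMPLE_TRACE='traceroute to 203.0.113.45 (203.0.113.45), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.388 ms  0.371 ms
 2  198.51.100.9  4.120 ms  4.098 ms  4.201 ms
 3  * * *
 4  198.51.100.77  11.532 ms  11.498 ms  11.610 ms
 5  203.0.113.45  12.004 ms  11.950 ms  12.101 ms'

# Constructed whois output in an ARIN-like layout.
SAMPLE_WHOIS='NetRange:       198.51.100.0 - 198.51.100.255
OrgName:        Example ISP (constructed)
OrgAbuseHandle: ABUSE-EX
OrgAbuseEmail:  abuse@isp.example
OrgTechEmail:   noc@isp.example'

# Step 1: last hop that answered before the offender ($1); stdin = traceroute -n output.
# If the trace never reaches the offender, the last answering hop is still reported.
last_hop_before() {
  awk -v target="$1" '
    NR == 1        { next }   # header line
    $2 == "*"      { next }   # hop gave no reply
    $2 == target   { exit }   # reached the offender, stop scanning
                   { hop = $2 }
    END            { if (hop != "") print hop }'
}

# Step 3: pull abuse mailboxes out of whois output on stdin.
abuse_contacts() {
  grep -i 'abuse' |
    grep -Eo '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' |
    sort -u
}

# Live mode: ./react.sh <offender-ip> runs steps 1-3 and lists who to contact (step 4).
if [ $# -gt 0 ]; then
  hop=$(traceroute -n "$1" | last_hop_before "$1")
  echo "Last hop before $1: $hop"
  host "$hop"                                  # step 2: reverse lookup
  echo "Abuse contacts for $hop:"
  whois "$hop" | abuse_contacts                # step 3
fi
```

Save the raw traceroute and whois output with timestamps as well, since the abuse desk will want it alongside the firewall log entries.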

