Well, policy is a strong word, but I review the firewall logs each morning, and
anything that catches my attention gets an email to the administrator/security of the
offending domain. Repeat offenses typically include a cc to the upstream provider.
I get a variety of responses to my emails, from totally ignoring them to just this
morning I got a phone call from someone. Sometimes they don't know they have a
problem, or can't trace the problem, and I send firewall log entries to help. There's
one company "mapping the Internet" that I've notified several times, at increasing
levels of hostility. They just apologize for any inconvenience, but then the next
day is another scan.....
My $0.02, and worth both pennies to you I'm sure... :)
-Michele
declan mckibben wrote:
> Hi
>
> Do you folk exercise a particular policy for intrusion attempts, port
> scanning and the like? Do you ignore it, report it to an ISP, some other
> group etc?
>
> I am the firewall admin where I work and am working off a policy meshed
> from the IT Security Cookbook and some of the publications at Sans.
>
> Comments would be very welcome.
>
> Regards
>
> --
> Declan McKibben
> Project Manager
> IT Development
> RTE
> Donnybrook
> Dublin 4
> Ireland
>
> t +353-1-2083698
> f +353-1-2083080
> e [EMAIL PROTECTED]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
