> -----Original Message-----
> From: McEwen, Don (NCI) [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 15, 2000 2:08 PM
> To: [EMAIL PROTECTED]
> Subject: RE: How to keep port scannings away?
>
>
[SNIP]
> The question that I have is what do others do with these.
> Lots of them
> come from RIPE networks, ever get through them to the user or
> netadmin ???
>
Sigh. . .RIPE is simply a registry; if you enter the ip of a block
registered via RIPE at arin's (The American Registry of Internet
Numbers, after all) search engine, it will give you RIPE. However, if
you then go to RIPE and enter the IP, it will give you the actual
owner. RIPE will not respond to incident reports (any more than ARIN
would). I have found that my success at getting responses from blocks
registered at RIPE is only slightly lower, and that could easily be
accounted for by language differences.
http://www.ripe.net/ is RIPE's web site. If ARIN reports RIPE as the
registrar, go to RIPE's page to continure investigating, and to find
out who to send the complaint to.
HTH.
Henry
> Don
>
> >From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
> >Sent: Friday, December 15, 2000 1:00 PM
>
> >Install one of the various firewalls or packet filters to block
such
> >actions.
>
> >Thanks,
>
> >Ron DuFresne
>
> On Fri, 15 Dec 2000, Charles Luo wrote:
>
> > hi, guys
> >
> > A few days ago, I installed snort-1.3.6 on one of my
> company LAN machines.
> By checking log files daily, I found that our firewalls are
> scanned 3-4
> times daily, . Some of them scan normal ports, such as 80,
> 8080, 111; but
> some of them scan ports like 1243, 21, 22, 1080 etc . I
> suppose that the
> people scan the later ones could have some tendencies in mind.
> >
> > So, can anyone suggest me how to keep those scannings away
> ? If it is
> unavoidable, what I should do in order to reduce the damage
> as lower as
> possible?
> >
> > Thank you in advance,
> > Charles
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
