RE: [FW1] hacker 194.73.175.25

Thu, 15 Jun 2000 08:52:03 -0700

Title: RE: [FW1] hacker 194.73.175.25
Well, another option then may be to put a route in your internet router(s) for the offending subnet to an invalid IP address.  Doing that will cause all those packets to fall into the bit bucket and disappear.  Doesn't help your bandwidth any, but at least keeps from any responses, and hopefully stops you from being notified and perhaps they'll give up and stop doing it.
 
If your ISP isn't willing to service you, then perhaps it's time to look for a new ISP?  I pay my ISP a decent amount of money each month, I expect some amount of customer service....but that's just me, I'm a civilian I guess I have a little more leeway in that department... :)
 


Jeffrey A. Oxenreider
Network Security Analyst
Safelite Glass Corp

-----Original Message-----
From: James Edwards [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 15, 2000 11:41 AM
To: 'Oxenreider, Jeff'; '[EMAIL PROTECTED]'; fw mailing list
Subject: RE: [FW1] hacker 194.73.175.25

That is not always an option.  My ISP (I work for the government) won't block scans, they have too much to manage with too little staff to worry about me.  I am on my own for the most part. 
 
I guess I need to qualify my remarks a little.  I don't always report scans.  I get at least one or two a week from Korea or Hong Kong.  I used to report them but never got a response so now just ignore them.  If I see a new country pop up, I'll generally report them just to see what happens.  I have gotten responses from Russia, Spain, Bahrain, Iran, India, China, England, France and a lot from the US and Canada.  I have been ignored by Japan, Korea, Hong Kong, and a few more.
 
I look on reporting these guys as my duty to the security community, sort of a golden rule thing because I know one thing for sure, I would DEFINATELY want to know if someone was scanning people from my network.
 
Jim Edwards
 
 -----Original Message-----
From: Oxenreider, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 15, 2000 8:33 AM
To: '[EMAIL PROTECTED]'; fw mailing list
Subject: RE: [FW1] hacker 194.73.175.25

I usually pass those types of things off to my ISP if I don't get a satisfactory response from the offenders ISP.  If nothing else, you can have YOUR ISP block the offending range of IP's from your ISP's router, that way it's not wasting any of YOUR bandwidth, and you leave the ball in your ISP's court to figure out how to solve, and it's not longer an issue on your network.

JMHO.



Jeffrey A. Oxenreider
Network Security Analyst
Safelite Glass Corp

Reply via email to