Greg McCarroll <[EMAIL PROTECTED]> writes: > So for 2 days now I've been portscanned and attacked by CGI > vunerability "tewls" from the same address 217-35-113-70. I'm start to > get a bit irritated, so what advice do people have for me? Baring in > mind I'm with the same ISP as the attacker (or at least the attackers > IP)
I would just forget it. The chances of anyone (police, ISP) being interested is quite frankly low unless real (monetary) harm can be demonstrated. How do you know that UK ip address hasn't been hacked by someone aboard? What are the chances of some 14 year old boy in Korea being arrested unless he has been messing with .mils? If you put a random box on the net it seems to attract (last time I checked) about the order of 10 port scans/windowish CGI exploit attempts a day. With worms, automated and distributed attack tools and scanners (with their own userland networking stacks optimised for speed) which can scan 100000 hosts/sec so I can only see this problem getting worse. Packet filtering is the only action you can take. The script kiddies will eventually grow up and become programmers anyway. -- Steve Mynott <[EMAIL PROTECTED]>