On Wed, 11 Mar 2009, Darden, Patrick S. wrote:
I think your next step is your lawyer. Put all your missives, your email, your phone conversations, your logs, your auditing results, your detection troubleshooting and sleuthing trails etc. in a folder, create a one page summary including any damages you feel might have been caused (e.g. time, effort, and money spent on this so far) and a timeline, and make an appointment with your lawyer.
I wouldn't necessarily believe the response from Covad and try to escalate to someone with a bit more clue there...but what's the point in getting lawyers involved? Whatever access isn't supposed to be open should be filtered. Beyond that, you should expect regular scans from random hosts on the net. That's the way it's been for the past 20 or more years, and it's unlikely to stop just because you don't like it. What effect will your lawers have next week when the 'abusive scans' are coming from Romania, China, Russia, etc.?
If port scans really bother you, then you should setup a system to detect them, and regularly rebuild ACLs/null route lists/etc. to stop them in near real time. AFAIK, Cisco sells such a product, as do other network vendors I'm sure.
---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________