On Mon, Apr 1, 2013 at 9:44 AM, Shane Mullins <tsmulli...@gmail.com> wrote: > What do you guys do when hosts scan your network? Some cases are obvious, > we had a large US University scanning our network for open http servers. > Contacted them and they took care of the issue.
Generally speaking, I might block them, but currently I prolly wouldn't even do that. (It matters that we don't have a large public netblock and so can't easily discern a bulk scan from someone mistyping an IP address or something.) The Internet is a public place, and while scanning is often nefarious, it's not against any rules in many cases. I'm certainly not going to bother contacting a network owner when it might not even violate any Terms of Service. It has to be abuse before the abuse desk cares. By analogy: A guy walking along the street looking at houses may be suspicious, but in most Western countries, isn't breaking any laws. If I call the cops they might send a cruiser, but if I make a habit of it they'll just mark me down as a paranoid nuisance. OTOH, if the same source e.g. starts repeatedly trying to brute-force our SSH server, *that* I might do something about. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin