[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] PortSentry/Active System Attacks

Subject: Re: [cobalt-security] PortSentry/Active System Attacks
From: Bill Irwin <bill_irwin@xxxxxxxx>
Date: Mon, 14 May 2001 09:18:41 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Glen Scott wrote:
> 
> Hi all,
> 
> Just a quick question- is it worth reporting system scans to the
> relative network owners?
> 
> Regards,
> 
> Glen

My general rule of thumb for reporting this kind of stuff is when I see
the same IP several times or when its an all out obvious attack / probe.
If they initiate various probes on ALL my ports, I would assume an
attack. If its just a scan and I see their IP once, I make a mental or
physical note of it. If I see it again in a month's time, I report to
proper authorities.

I once had a port scan on my machine for a trojan several times in 3
weeks by the same IP. I reported to the abuse@xxxxxxx and was notified a
week later the offending person's account had been terminated after it
was determined by their ISP they were abusing the acct. This was a bit
unusual though, I *Actually* got a response from someone. =)

-- 
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.

References:
- [cobalt-security] PortSentry/Active System Attacks
  - From: Glen Scott

Prev by Date: Re: [cobalt-security] Re: [cobalt-security]Maybe offtopic -- Flash encryption
Next by Date: Re: [cobalt-security] PortSentry/Active System Attacks
Previous by thread: Re: [cobalt-security] PortSentry/Active System Attacks
Next by thread: [cobalt-security] Sendmail error messages?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index