* Levinson, Karl (LevinsonK@STARS-SMI.com) [030507 22:37]:
> In addition to the other suggestions here, have you considered
> www.mynetwatchman.com and/or www.dshield.org? These are two free services
> which would let you see if anyone else has seen attacks such as this, as
> well as automatically notify the relevant ISP [though I agree that this
> often does not bring satisfying results].
>
> If you're like most people, you will receive so many of these types of
> initial scans that you may find yourself unable to respond to each scan
> personally. Make sure your firewall policy and systems are secure, and be
> sure to look for connections that were permitted in addition to ones that
> were dropped.

I should mention, while www.mynetwatchman.com sends email to everyone
about abuse, they respond to none. I've gotten quite a few emails from
them regarding attacks from an IP address that I no longer use. I changed
ISPs and the reverse DNS entry was never changed. Since the reverse DNS
entry pointed to my domain, mynetwatchman.com assumed that security@ my
domain was the correct place to send attack reports. I've sent them many
emails to correct this error (and flaw in their system) but never received
anything more than a useless automated response.

--
Benjamin Krueger
This archive was generated by hypermail 2b30 : Thu May 08 2003 - 15:52:22 PDT