[H-GEN] security
Craig Eldershaw
ce at comlab.ox.ac.uk
Thu Sep 24 03:34:21 EDT 1998
>I'm logging numerous port scans checking out the usual finger, telnet,
>imap etc. So far so good. What should I do about them and at what
>level should I do something (ie is one or two OK)?
Well in general, any such information can be used to help build a
pattern. If you don't need a response (ie. you don't think you were
penetrated) then just mail off a copy of the relvant log extracts to
the local contact address with FYI in the address. They can file it
if it is of use, or look into it if it is from a new source/of a new
pattern. Even if they know of it, then these emails help give them an
idea of the scope of actions.
Cheers,
Craig.
More information about the General
mailing list