[H-GEN] security
Martin Pool
mbp at wistful.humbug.org.au
Thu Sep 24 06:30:46 EDT 1998
On Thu, Sep 24, 1998 at 08:34:21AM +0100, Craig Eldershaw wrote:
> >I'm logging numerous port scans checking out the usual finger, telnet,
> >imap etc. So far so good. What should I do about them and at what
> >level should I do something (ie is one or two OK)?
>
> Well in general, any such information can be used to help build a
> pattern. If you don't need a response (ie. you don't think you were
> penetrated) then just mail off a copy of the relvant log extracts to
> the local contact address with FYI in the address. They can file it
> if it is of use, or look into it if it is from a new source/of a new
> pattern. Even if they know of it, then these emails help give them an
> idea of the scope of actions.
By `local contact address' do you mean their ISP, or AUSCERT, or
somebody else?
--
Martin Pool
More information about the General
mailing list