[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] Port Scanning
On Wed, 28 Apr 1999 darrell@gallup.com wrote:
> What should a person do if you find someone scanning your ports on the
> firewall ? I contacted the company that was doing it, and they
> investigated, and said that it was not them. They thought someone was
> "spoofing" the IP......
It is possible that someone is spoofing their IP address, but this would
require that the attacker have connectivity to the real system at the
spoofed address while he was scanning you. In other words, if it did not
come from them then they should have log entries identifying who was
monitoring their system at the time. If they can not produce these logs,
chances are they do not have the data to accurately tell you that the
attack did not come from them in the first place. It could also be that
they have had a system penetrated/trojaned and they do not even know it.
In either case, they are part of the problem. I would cc all
corrispondents with them to "abuse@their_isp" and see if that gets a
reaction out of them. Most legit organizations do not want their ISP
thinking they are up to something funny.
Happy hunting,
Chris
--
**************************************
cbrenton@sover.net
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================