[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Comments on what to do when scanned ...

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] Comments on what to do when scanned ...
From: Mark Hayes <mark.hayes@wpcorp.com.au>
Date: Sun, 03 Oct 1999 19:20:44 +0800



Hope this is the right place for the question.  What to do when scanned
?

What I do ?
------------

When I pick up our firewall has been scanned - usually by looking at the
logs each morning I typically do a traceroute to the source address and
send a message to
the 'postmaster' of the hop prior to it.   Sometimes I get replies,
(often automated)
advising that the matter will be looked into, sometimes they bounce ...

If the scan is coming from another country (im in oz) what do other
administrators
do - so for example if the return address was an '.edu' domain ;>

Is 'abuse.net' a possible alternative ?

Mark Hayes
Network Administrator





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] 2 bad ports
Next by Date: Re: [FW1] Proxy server
Prev by thread: [FW1] Certficate authentication with smart card
Next by thread: Re: [FW1] Proxy server
Index(es):
- Date
- Thread