[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sheflug] Security : Port scanning
Dear All
<preamble>
It was great to meet some of you at SHU on Saturday and thanks go to Richard
for the talk and information on security.
I've now got a Cyrix 6x86 133MHz/1GB/64MB firewall running IP Cop. It seems
to be overkill specification wise but we had nothing slower (that I wasn't
planning to use as a thin client)
Once I got it downloaded and accepting 3c509 cards (see notes on the IPCop
page) all seems well.
</preamble>
<important bit>
My new firewall went 'live' last night about 5pm and today when I checked
the logs I've got about a dozen cases of port scanning from various sources.
<question>
Is all port scanning malicious?
What should be done if its found? Should I mail a report to the
administrator detailed on the "whois" lookup page? If these organisations
are not the sort that would host or condone port scanning then it could be
that either their IP has been spoofed or they have been compromised and
someone else is running it from their systems. Either way they probably
want to know.
Has anyone got a script to automatically do this mailing out?
</questions>
</important bit>
Chris Johnson
ICT Consultant
South East Sheffield Education Action Zone
E-mail : chris [at] seseaz.org.uk
Web : http://www.seseaz.org.uk
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.476 / Virus Database: 273 - Release Date: 24/04/2003
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.