"Chris Johnson" <chris [at] seseaz.org.uk> writes: > Is all port scanning malicious? No, but most is. ISP's do scan their customers to see if they're doing something dumb that might damage other users on their net, or just get people pissed at them). Also, depending on how your software defines portscanning legitimate attempts to determine if a service is running or somesuch might appear in your logs as a port scan. > What should be done if its found? Should I mail a report to the > administrator detailed on the "whois" lookup page? Probably you should, whether it's worth the effort would be up to you :) (I never did when I was an admin) > If these organisations are not the sort that would host or condone > port scanning then it could be that either their IP has been spoofed > or they have been compromised and someone else is running it from > their systems. Either way they probably want to know. Has anyone > got a script to automatically do this mailing out? Not a bad idea, but I'd be careful with such a thing that it doesn't send out excessive amounts of mail. -- Eric E. Moore
Attachment:
pgp00005.pgp
Description: PGP signature