Re: [Sheflug] Security : Port scanning

[Bill Best <bill [at] xxxxxxxxxxxxxxx>]

> My new firewall went 'live' last night about 5pm and today when I checked
> the logs I've got about a dozen cases of port scanning from various sources.
> <question>
> Is all port scanning malicious?
Not always.

> What should be done if its found?
Nothing - but see below.

> Should I mail a report to the
> administrator detailed on the "whois" lookup page?
Life's too short.

> If these organisations
> are not the sort that would host or condone port scanning then it could be
> that either their IP has been spoofed or they have been compromised and
> someone else is running it from their systems.  Either way they probably
> want to know.
Maybe.

> Has anyone got a script to automatically do this mailing out?
http://www.mynetwatchman.com/


___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

 GNU the choice of a complete generation.