Re: RE: Incident response to being scanned
From: Bob Kelley (b0bk3ll3yjr_at_adelphia.net)
Date: 04/26/03
- Previous message: Bob Kelley: "Re: RE: DShield.org Recommended Block List"
- Maybe in reply to: Allan Schon: "RE: Incident response to being scanned"
- Next in thread: Security News: "RE: RE: Incident response to being scanned"
- Reply: Security News: "RE: RE: Incident response to being scanned"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <security@riggstar.com> Date: Sat, 26 Apr 2003 5:13:51 -0400
Yes. All patched, behind a sound firewall and IIS Lockdown. It's a static site so URLScan works like a champ.
>
> From: "Security News" <security@riggstar.com>
> Date: 2003/04/26 Sat AM 01:53:22 EDT
> To: "Bob Kelley" <b0bk3ll3yjr@adelphia.net>
> Subject: RE: Incident response to being scanned
>
> Heck yeah, report those folks to their ISPs. Also, is your webserver locked
> down, and I don't only mean security patches?
>
> -----Original Message-----
> From: Bob Kelley [mailto:b0bk3ll3yjr@adelphia.net]
> Sent: Friday, April 25, 2003 1:16 AM
> To: security-basics@securityfocus.com
> Subject: Incident response to being scanned
>
>
>
>
> In reviewing my firewall and web server logs, I see repeated attempts from
> several ip addresses to scan my network as well as infect my webserver with
> code red. The source addresses are not always the same. I am confident
> that I don't have any holes in my firewall and my webserver is up to date.
> I perform weekly vulnerability scans of my equipment to make sure I am
> covered. What is considered the best practice for dealing with these
> incidents? Should I be filing abuse reports with the ISPs of the source
> IPs? This obviously takes time. I am looking for a business case to
> justify the time spent responding. Thanks
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
> world's premier event for IT and network security experts. The two-day
> Training features 6 hand-on courses on May 12-13 taught by professionals.
> The two-day Briefings on May 14-15 features 24 top speakers with no vendor
> sales pitches. Deadline for the best rates is April 25. Register today to
> ensure your place. http://www.securityfocus.com/BlackHat-security-basics
> ----------------------------------------------------------------------------
>
>
>
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-security-basics
----------------------------------------------------------------------------
- Previous message: Bob Kelley: "Re: RE: DShield.org Recommended Block List"
- Maybe in reply to: Allan Schon: "RE: Incident response to being scanned"
- Next in thread: Security News: "RE: RE: Incident response to being scanned"
- Reply: Security News: "RE: RE: Incident response to being scanned"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
