Re: What to do with a naughty IP?

From: Dennis (dennis_at_etinc.com)
Date: 05/25/03 

Date: 25 May 2003 10:53:53 -0700

Our Bandwidth management product allows you to "Trigger" on such
events (port scans, access to invalid IPs or ports, attempted file or
url accesses) and will dynically create a temporary "block" to the
source IP (or whatever other action you chose). Many ISPs found it
particulary useful with worm and code red attacks.

dennis
www.etinc.com

TC <TCNoSpam@sunlink.net> wrote in message news:<3ED0D8F2.4000201@sunlink.net>...
> Vamp wrote:
> > If Norton personal firewall tells me that IP x.x.x.x is attempting a
> > Trojan horse attack, what can I do with this information? Is there any
> > way I can send this ip a message such as some program that will look for
> > any messaging app running on that ip and send message to it. Can Trylian
> > do something like this? I know it is futile but I just started runing a
> > firewall after not running one for a while and now am curious what I can
> > do with problem ip's. Any automated way to send the isp a message with
> > the necessary tracing info? By the way I liked the sygate firewall but I
> > also like the fact that Norton tells me about offending ip's and give me
> > a way to get more info on the source. Can sygate do something like this.
> > It would be cool if a firewall traced offending ip's and gave you a
> > simple yes/no way to send an email to the domain admin about attacks.
> > Anything out there do this?
> >
> > Thanks
> >
> > Vamp
> >
> >
> >
> The following site allows you to cross-reference IP to Domain Name and
> vice versa.
>
> http://cello.cs.uiuc.edu/cgi-bin/slamm/ip2name

Relevant Pages

  • Re: Port 80
    ... > Sygate Firewall 5.0 air tight ... > If I close port 80 then I cannot browse. ... firewall shit which you even recommended to others since this exmaple ... A foreign body and a foreign mind, ...
    (comp.security.firewalls)
  • Re: SP2 via Update V5 with Sygate Firewall.
    ... >> Some research reveals that it is necessary to disable the Sygate firewall or ... >> at least enable SVCHOST.EXE on port 443 to get any updates at all. ... >> to disable the firewall and invite in the bad guys while waiting for SP2 to ... > port 443 for svchost to use windows update. ...
    (microsoft.public.windowsxp.general)
  • Re: SP2 via Update V5 with Sygate Firewall.
    ... > Some research reveals that it is necessary to disable the Sygate firewall or ... > at least enable SVCHOST.EXE on port 443 to get any updates at all. ... > to disable the firewall and invite in the bad guys while waiting for SP2 to ... port 443 for svchost to use windows update. ...
    (microsoft.public.windowsxp.general)
  • Re: What to do with a naughty IP?
    ... >firewall after not running one for a while and now am curious what I can ... >the necessary tracing info? ... By the way I liked the sygate firewall but I ...
    (comp.security.firewalls)
  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)