Re: Attempted Intrusions
From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 11/13/03
- Next message: james: "swen fix"
- Previous message: Karl Levinson [x y] mvp: "Re: AD and netbios"
- In reply to: Brad: "Attempted Intrusions"
- Next in thread: Kent W. England [MVP]: "Re: Attempted Intrusions"
- Reply: Kent W. England [MVP]: "Re: Attempted Intrusions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Nov 2003 21:45:57 -0500
Assuming these are just port scans that are blocked at your firewall, then
suing is not likely to work. Ask a legal expert or search www.google.com
for previous successful prosecution. Nor is calling law enforcement or the
local FBI office, unless you can prove over around $2000 US in lost funds
from a single incident. 45 port scans in one day is rather low; I'm
surprised you're worried about it. It is inevitable, and a lot of the scans
are from innocent computers that have been infected with a virus or
otherwise compromised, from spoofed IP addresses, are false alarms or just
mystery traffic, etc.
I would really recommend not researching every port scan manually. Instead,
get the free software from www.mynetwatchman.com or www.dshield.org. These
automatically determine the correct ISP and report the incident for you.
They also help you by giving you an insight into what other IP addresses a
particular attacker is also scanning, information you can't easily get any
other way.
The ISPs cannot respond to you. You have insufficient evidence of
wrongdoing and they are busy with tons of other requests like yours, plus
there may be legal liability issues to giving you information about one of
their accounts used for illegal activities. No response is the norm for
ISPs... however, no response does not always mean nothing was done, just
that you will rarely find out what if anything was done.
"Brad" <anonymous@discussions.microsoft.com> wrote in message
news:003401c3a7b0$128059b0$a401280a@phx.gbl...
> I don't know where to look for this info so, I'm just
> getting opinions... Here's the situation:
>
> Every morning, my corporate firewall has generated between
> 10 and 45 alarms indicating anything from port scans, sub
> seven attacks - you name it. I try to weed out the known
> DNS servers but, I do keep seeing some of the same old IP
> blocks over and over. This would indicate that I have
> become a target for some punk(s).
>
> I do DNS lookups for all offending IPs and send the abuse@
> address of the ISP a copy of the notice (along with the
> GMT of the event). Most of the ISPs never respond back or
> I get an automated email. My question:
>
> I am seriously considering filing suit against the major
> offending ISPs for not only providing the means for their
> customers to waste a lot of my time but, because they do
> nothing to prevent it, they're giving the customer safe
> harbor from which to launch these attacks. Is this
> unprecedented or has this type of suit happened before?
>
> I'm not a sue-happy sysadmin, I'm just tired of the BS
> from the big ISPs. Thanks.