>Does anyone have a suggestion for response to probes of every port number on a
>certain ip address? Should it just be ignored, or should the probing site's
>admin be contacted?
Well cannot speak to any policy but what *I* do is to record the probing IP,
find the domain owner and the local sysadmin, and send copies of the log
with the simple question: "Why?" Usually this is enough.
Will say that there are several products on the net that can do this including
one that is included in the FWTK (I have written one for the PC myself) since
it is not difficult at all to do. However, usually response time is slow enough
that people do not do it to remote systems, at least not the blanket strobe
you were seeing (in fact if it was the first 30,000 ports only, it probably
was the FWTK).
Further, I generally delay the inquiry 24 hours so that outsiders have no
idea how often I check things but then I'm paranoid.
Will say that IMHO there are only two reasons for such a probe: an intruder
looking for a weakness and a professional doing the same thing, if not
for you (and you would know about that), then working for someone else.
Warmly (70F - what we put up with summer for),
Padgett
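
The routine described in the reply above (record the probing IP, keep the log, hold the inquiry for 24 hours) can be scripted. The following is an added example, not part of the original post: the log format, the 20-port threshold, the sample addresses and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the post): "timestamp src dst dport" per attempt.
# 192.0.2.45 walks ports 1-40 on one address; 198.51.100.7 makes two ordinary connections.
SAMPLE_LOG = "\n".join(
    [f"2024-06-01T03:14:{p:02d} 192.0.2.45 203.0.113.10 {p}" for p in range(1, 41)]
    + ["2024-06-01T03:15:02 198.51.100.7 203.0.113.10 25",
       "2024-06-01T03:15:09 198.51.100.7 203.0.113.10 80"]
)
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def find_sweeps(log_text, min_ports=20):
    """Map (src, dst) -> log lines for sources that touched at least
    min_ports distinct ports on one address (threshold is an assumption)."""
    ports, lines = defaultdict(set), defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        _, src, dst, dport = m.groups()
        ports[(src, dst)].add(int(dport))
        lines[(src, dst)].append(raw.strip())
    return {k: lines[k] for k, seen in ports.items() if len(seen) >= min_ports}

def send_after(evidence, delay_hours=24):
    """Earliest time to send the inquiry: last logged probe plus the delay."""
    last = max(datetime.fromisoformat(l.split()[0]) for l in evidence)
    return last + timedelta(hours=delay_hours)

def build_inquiry(src, dst, evidence):
    """Message body for the source's domain owner and sysadmin: the log plus the question."""
    ports = sorted({int(l.split()[3]) for l in evidence})
    head = (f"Our logs show {src} probing {len(ports)} ports "
            f"({ports[0]}-{ports[-1]}) on {dst}.")
    return "\n".join([head, "", *evidence, "", "Why?"])

if __name__ == "__main__":
    for (src, dst), evidence in find_sweeps(SAMPLE_LOG).items():
        print("send no earlier than", send_after(evidence).isoformat())
        print(build_inquiry(src, dst, evidence))
```

Counting distinct ports per source and destination pair keeps a busy but legitimate client, such as the second address in the sample, out of the report.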