I would contact the SysAdmin. This may be indicative of unacceptable
activity at their site. It may also be a precursor to more malevolent behavior.
msk
At 01:57 PM 12/28/94 MST, tom @
pserv1 .
dot .
state .
az .
us wrote:
>Brian Stormont writes:
>> Date: Wed, 28 Dec 94 11:01:32 EST
>> From: "Brian Stormont" <brian_stormont @
projo .
com>
>> To: firewalls @
greatcircle .
com
>> Subject: Doorknob twisting
>>
>> Does anyone have a suggestion for response to probes of every port number
on a
>> certain ip address? Should it just be ignored, or should the probing sites
>> admin be contacted? I realize it's not necessarily harmful activity,
so I'm
>> not looking for ideas for retribution; I was just curious was policy
might make
>> the most sense.
>>
>> Recently we've started getting such broadband probes at our site.
>>
>> Thanks,
>>
>> -brian
>
>By all means, contact the remote system admin. I was recently contacted
>by a major university that was receiving ntp (port 123) datagrams from my
>WAN. Turned out one of our vendors had broken NTP code that was spraying
>out packets to random broadcast addresses. The moral of the story, you
>just might be doing them a favor... tom
>--
>Tom Brink tom @
dot .
state .
az .
us
>Technical Support Specialist
>Technical Research Center
>Information Services Group
>Arizona Department of Transportation
>
>
******************************************************************
Mark S. Kadrich, Systems Engineer, International Network Services
"The Power of Operable Networks"
Voice @ 415-254-4225, Page @ 1-800-759-7243; PIN 879-5783
e-mail @ kadrich @
uni .
ins .
com
Security is a process, not a solution.
******************************************************************
|
|
