[Snort-users] Incident Reporting--The When and How
goemon at ...20...
Mon Jul 31 14:46:37 EDT 2000
On Mon, 31 Jul 2000, Steve Halligan wrote:
> - - -What types of activity should "piss me off"? A portscan of a
> single port on my entire subnet?
> An intrusion attempt on a service I don't actually have?
Also add to your list real attacks on services, e.g. bind/portmap/imap buffer
> - - -I also find that abuse reports often get ignored by ISPs. To what
> extent should I bug an ISP when one of their clients is doing naughty
> things? Send that first report email and then forget about it?
> Follow up at some point? Is there a higher power to resort to?
Email first, then a phone call, then follow up with their upstream.