[Snort-users] Incident Reporting--The When and How

Dan Hollis goemon at ...20...
Mon Jul 31 14:46:37 EDT 2000


On Mon, 31 Jul 2000, Steve Halligan wrote:
> - - -What types of activity should "piss me off"?  A portscan of a
> single port on my entire subnet?

yes

> An intrusion attempt on a service I don't actually have?

yes

also add to your list real attacks on services eg bind/portmap/imap buffer
overflows

> - - -I also find that abuse reports often get ignored by ISP's.  To what
> extent should I bug an ISP when one of their clients is doing naughty
> things?  Send that first report email and then forget about it?
> Follow up at some point?  Is there a higher power to resort to?

email first then phone call then follow up with their upstream

-Dan





More information about the Snort-users mailing list