[Snort-users] Win* machines - port 139 scans

Wozz wozz+rt at ...471...
Sun Oct 1 23:44:49 EDT 2000


On Sun, Oct 01, 2000 at 02:22:22AM -0500, John A. Bornt wrote:
> After looking at Lance's scans I had to laugh. I had a snort box on the wire
> of a company I worked for (up until three weeks ago) that was an ISP
> downstream from bellsouth.net. We got the exact scans everyday from numerous
> bellsouth subnets. I pasted some of the captures into an e-mail to the abuse
> address and sent it off with an explanation. Their response was that they
> couldn't do anything to help me without timezone information. In other
> words, they didn't want to do anything.
> 

I run the security/abuse department for a large national ISP, and there's
no question that without time zone information to correlate with DHCP logs
there is nothing we could do.  I can only speak for my own group, but we
are more than happy to hear about our customers that are causing problems,
but if we don't receive enough information, we can't do anything about the
situation.  



More information about the Snort-users mailing list