[Snort-users] Firing off Abuse email based on Snort Traffic
skip at ...1552...
Thu May 29 19:14:03 EDT 2003
> How do other administrators handle genuine attacks and Portscans from
> International sources?
Persistent portscans we generally respond to by black holing the address
or network at the border routers or firewalls. Other attacks tend to get
more attention; it helps if you can engage the assistance of security
admins from other Internet locations (we once got the assistance of the
US Air Force when one of our investigations and theirs inadvertently crossed
paths; they were a great help in shutting down some Korean attacks!).
BTW: is anybody else seeing slow scans (3 or 4 addresses per day) apparently
coming from Cuba?
Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
Taygeta Scientific Inc. INTERNET: skip at ...1552...
1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com
Monterey, CA. 93940