[Snort-users] Firing off Abuse email based on Snort Traffic

Skip Carter skip at ...1552...
Thu May 29 19:14:03 EDT 2003

> How do other administrators handle genuine attacks and Portscans from
> International sources?

  Persistent portscans we generally respond to by black holing the address
  or network at the border routers or firewalls.  Other attacks tend to get
  more attention; it helps if you can engage the assistance of security
  admins from other Internet locations (we once got the assistance of the
  US Air Force when one of our investigations and theirs inadvertently crossed
  paths; they were a great help in shutting down some Korean attacks!).

  BTW: is anybody else seeing slow scans (3 or 4 addresses per day) apparently
  coming from Cuba?



 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip at ...1552...
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            
