Security Basics
mailing list archives
Re: what should I do when....
From: Adriel Desautels <adriel () netragard com>
Date: Tue, 08 Jul 2008 08:48:47 -0400
Hi George,
My initial reaction to this is that you should block all IP addresses
belonging to that company *if* you do not need to communicate with them
via the internet. My secondary reaction is to tell you not to advertise
what sort of technology you are using in a public forum (this mailing
list). You don't know if the *attacker* is subscribed to this mailing
list or not.
My professional recommendation for recourse is that you call the
company that *owns* the IP address in question. Let them know that
suspicious activity is sourcing from their IP address(es) to yours and
tell them that you would like it to stop.
With that said, I'd also recommend that you evaluate the security of
your IT Infrastructure. You don't sound too confident that you can
prevent the proverbial hacker from penetrating your infrastructure. I
suggest that you consider installing some HIDS and NIDS technologies
like OSSEC + prelude-ids + snort + prelude-lml (Open Source and effective).
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45
Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142
---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security
Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
Jorge L. Vazquez wrote:
For the last 2 days I've been getting lots of connection attempts in my
firewall logs (IPCop firewall) from a specific IP based in Canada; the
log is showing a
*NEW not SYN?*
It seems that someone is trying to initiate connections, or maybe a
scan. Although the good thing is that the firewall is detecting them and
therefore stopping them, I'm getting worried about hacker activity. I've
already done an IP lookup and a DNS whois query; both of those point to an IP
and host in Canada. It seems to be a company, as I got their public
website and also private network..... Could anyone advise me what's the
proper course of action in this case?....
thanks
Jorge L. Vazquez
www.pctechtips.org
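Before deciding whether to block a source as Adriel suggests, it helps to know how many "NEW not SYN?" hits a source produced and whether they spread across several ports (scan-like) or are a lone ACK to a high port (a common benign leftover of a connection the firewall already timed out). The script below is an added example, not code from the thread or from IPCop; it parses the iptables LOG format that IPCop writes with that prefix and classifies each source. The log lines are constructed with RFC 5737 documentation addresses, and the thresholds are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict

# Matches an iptables/IPCop kernel log line written by the "NEW not SYN?" rule
# (state NEW but no SYN flag). Field names follow the iptables LOG target.
LINE_RE = re.compile(
    r"kernel: NEW not SYN\? .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?"
    r"PROTO=(?P<proto>\w+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) .*?"
    r"RES=\S+ (?P<flags>.*?) ?URGP="
)

# Constructed sample lines (documentation addresses), not a real capture.
SAMPLE_LOG = """\
Jul  7 23:15:02 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=43210 DPT=445 WINDOW=0 RES=0x00 ACK URGP=0
Jul  7 23:15:03 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=43211 DPT=139 WINDOW=0 RES=0x00 ACK URGP=0
Jul  7 23:15:05 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=43212 DPT=22 WINDOW=0 RES=0x00 ACK FIN URGP=0
Jul  7 23:15:09 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=43213 DPT=3389 WINDOW=0 RES=0x00 ACK URGP=0
Jul  7 23:40:11 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=192.0.2.9 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=0 DF PROTO=TCP SPT=443 DPT=51822 WINDOW=0 RES=0x00 ACK URGP=0
Jul  7 23:40:12 ipcop kernel: Denied IN=eth1 OUT= SRC=192.0.2.77 DST=198.51.100.7 PROTO=UDP SPT=5000 DPT=5000
"""


def summarize(log_text):
    """Aggregate NEW-not-SYN hits per source: count, destination ports, TCP flags."""
    per_src = defaultdict(lambda: {"count": 0, "dports": set(), "flags": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other prefixes (e.g. plain "Denied") are not this rule
        entry = per_src[m["src"]]
        entry["count"] += 1
        entry["dports"].add(int(m["dpt"]))
        entry["flags"].update(m["flags"].split())
    return dict(per_src)


def classify(summary, min_hits=3, min_ports=3):
    """Assumed thresholds: repeated hits spread over several service ports from
    one source look like probing; a lone ACK to one high port usually belongs
    to a session the firewall already forgot and is not worth a block."""
    verdicts = {}
    for src, e in summary.items():
        if e["count"] >= min_hits and len(e["dports"]) >= min_ports:
            verdicts[src] = "probable scan: review, then block if no business need"
        else:
            verdicts[src] = "likely stray packet: monitor"
    return verdicts


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for src, verdict in classify(s).items():
        e = s[src]
        print(f"{src}: {e['count']} hits, ports {sorted(e['dports'])}, "
              f"flags {sorted(e['flags'])} -> {verdict}")
```

Feed it `/var/log/messages` (or wherever your IPCop box syslogs the firewall) to get the per-source picture before picking up the phone or adding a block rule.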