At 05:19 PM 3/13/2003 -0500, McBurnett, Jim wrote:
Hello, I am just curious about this. I see a rather unusual # of SNMP queiries and port scans from DSL IP blocks in the US...
How many of you really go after the script kiddies doing this?
I know 1, 2 or even 3 a day is not a concern for me, but when I get 3 a day from the same source IP allocation, I start wondering...
There is so much of it, I liken it to Internet background radiation. In fact, if I didnt see a constant stream of this (either by accident-- SNMP auto discovery, or design-- lets find all the 'private' routers and switches out there) I would be more worried as my network probably has been blackholed! In terms of reporting it, I usually do if its more than just some automated probe and is a directed attack against a particular device and is causing some grief or potential grief. But it would be a full time job evaluating and responding to each and every scan/hack attempt as the volume is way too high. I think something like dshield is going in the right direction. Ultimately if these things are not reported and the people doing them sanctioned somehow, it wont stop. Also, its March Break in many parts of North America... More time to do these sorts of things. ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike