|
Security Basics
what should I do when.... Jul 04 2008 02:05AM Jorge L. Vazquez (jlvazquez825 gmail com) (3 replies) Re: what should I do when.... Jul 08 2008 12:48PM Adriel Desautels (adriel netragard com) (1 replies) RE: what should I do when.... Jul 04 2008 11:50PM Sergio Castro (sergio castro unicin net) (1 replies) RE: what should I do when.... Jul 07 2008 05:53PM Rivest, Philippe (PRivest transforce ca) (4 replies) Re: what should I do when.... Jul 07 2008 09:09PM Adriel Desautels (adriel netragard com) (1 replies) |
|
 Privacy Statement |
this kind of "suspicious activity". If you don't have one, one should be
created and approved.
Any how, doing a preliminary research is very good and not too much time
consuming. Your next step should be to contact
1- The company that is probing you and give them the information you have.
What kind of "attack" you have, since when and from where.
2- Advise that company to investigate and remediate to the "disturbing
event". Tell them to contact you for info & upon completion.
3- Lastly if this gets out of hands I would suggest thinking of the ISP level
as they are also responsible for some level of protection (if this is abusive
for example).
Anything you do should be documented with evidence of action and
recommendation you do & take. This is very important to have as it show you
did everything you could with due care and in a timely manner. Keep this
evidence and back it up.
Merci / Thanks
Philippe Rivest, CEH
Vérificateur interne en sécurité de l'information
Courriel: Privest (at) transforce (dot) ca [email concealed]
Téléphone: (514) 331-4417
www.transforce.ca
Vous pourriez imprimer ce courriel, mais faire pousser un arbre c'est long.
You could print this email, but it does takes a long time to grow trees.
-----Message d'origine-----
De : listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] De la
part de Jorge L. Vazquez
Envoyé : 3 juillet 2008 22:05
À : security-basics;
security-basics-sc.1207759308.halobnafecliebdpegpn-Jlvazquez825=gmail.co
m@sec
urityfocus.com; security focus listbounce
Objet : what should I do when....
for the last 2 days I've been getting lots of connections attempts on my
firewall logs(ipcop firewall), from a specific ip based in Canada, the
log is showing a
*
*
NEW not SYN?
it seems that someone is trying to initiate a connections, or may be a
scan. Although the good thing is that the firewall is detecting them
therefore stopping them, I'm getting worried of hacker activity, I've
already done ip lookup, and dns whois query both of those point to ip
and host in Canada it seems to be a company as I got their public
website and also private network.....could anyone advice me what's the
proper course of actions in this case?....
thanks
Jorge L. Vazquez
www.pctechtips.org
[ reply ]