Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask slashdot: what to do when spotting a network intruder IP address?

phr4nck (2743915) writes | about 2 years ago

1

phr4nck (2743915) writes "I am in charge of a small website security. Everyday the FW logs show the IP address of people trying to get access to the system. This morning, I routinely was checking the file and a class A IP address trying to get root access held me up. It was coming from a big well known college on the US east coast. I contacted the IT security person and his first answer was:
"What are the timestamps on your logs? We located the machine a few hours ago and it should no longer be on our network."
I replied in sending a time stamped log file for which I received this answer:
"This host has been taken offline.
Thanks for reporting it."
It is not the first time I am reporting abusing access to my network and I have no idea if things are then taken seriously. What really to do? What would you do?
By the way the host is really currently offline."

Sorry! There are no comments related to the filter you selected.

www.projecthoneypot.org (2)

AHuxley (892839) | about 2 years ago | (#41534635)

See if others have listed the ip/ports/ranges on http://www.projecthoneypot.org/ [projecthoneypot.org]
If not, add to the site :)
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?