On Tue, 28 Nov 2000 14:40:09 -0200 (EDT), Mario Olimpio de Menezes said: > > Hi, > > One computer where I have Debian installed was scanned > recently. Someone probed several ports (~20), maybe trying to determine > the running OS (something like nmap does). > Do you think this *IS* an attack? I mean, should I report this > as *AN* attack?
If someone scans several ports, I usually do report it to their ISP, sending them log excerpts that include the time they occurred and also my time zone as reported by my computer. The ISP would probably warn the customer and even terminate the customer's account if they believe the customer was up to no good. I usually do not report attempts to connect to single ports. -- Andrew
