On Tue, 28 Nov 2000 12:15:39 -0600 (CST), Damian Menscher said: > > I usually do not report attempts to connect to single ports. > > You might want to keep in mind that scans of all ports are often just > general curiosity about what kind of stuff a computer is being used for, > while scans of a single port (on every machine in your subnet) is often > someone looking for a machine vulnerable to a *particular* exploit. So > I'd say don't ignore the single-port scans. They are as (or more) > serious. I forgot to explain that I am on a dynamic IP address, and the reason I do not bother with single port scans is that someone else on the same IP address may have been running a server. If I see scans to certain ports, known to be searches for exploits, I always send the ISP the log entry. > > Of course, a connection to a single port on a single machine is probably > just some idiot who mistyped an IP address....
exactly, and I don't want to cause trouble needlessly. -- Andrew
