Dynamic IP log retention = 0?

Jon Lewis jlewis at lewis.org
Wed Mar 11 14:03:42 UTC 2009

On Wed, 11 Mar 2009, Darden, Patrick S. wrote:

> I think your next step is your lawyer.  Put all your missives, your
> email, your phone conversations, your logs, your auditing results, your
> detection troubleshooting and sleuthing trails etc. in a folder, create
> a one page summary including any damages you feel might have been caused
> (e.g. time, effort, and money spent on this so far) and a timeline, and
> make an appointment with your lawyer.

I wouldn't necessarily believe the response from Covad and try to escalate 
to someone with a bit more clue there...but what's the point in getting 
lawyers involved?  Whatever access isn't supposed to be open should be 
filtered.  Beyond that, you should expect regular scans from random hosts 
on the net.  That's the way it's been for the past 20 or more years, 
and it's unlikely to stop just because you don't like it.  What effect 
will your lawers have next week when the 'abusive scans' are coming from 
Romania, China, Russia, etc.?

If port scans really bother you, then you should setup a system to detect 
them, and regularly rebuild ACLs/null route lists/etc. to stop them in 
near real time.  AFAIK, Cisco sells such a product, as do other network 
vendors I'm sure.

  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the NANOG mailing list