Kyle,
I thought as much (re: see your response below). To
be honest, I don't think that going around shouting
that the "sky is falling" is going to do a lot to
clear up the FUD in the security community.
The point is that what the OP is seeing doesn't seem
to constitute "intrusion attempts", nor do they seem
to be consuming inordinate amounts of bandwidth.
So...since the company that these things are
originating from don't seem to be doing anything
*about* it, and the "probes" themselves don't seem to
be causing any harm (ie, firewalls, etc), I think the
best advice we can give the OP is to just file the
necessary documentation and leave it at that.
Crying wolf isn't going to do anyone any good.
I'm not sure I see your logic in equating "probes"
(from the OP) to "intrusion attempts"...
The idea is to get their attention with a "vigorous
defense" (or
whatever the appropriate legalese is) rather than be
highly specific
-- consider who would actually be reading the
letter. You're
completely correct, port scans aren't intrusion
attempts (though they
could potentially be precursors), and the language
(such as it was)
really was just off the top of my head. I assume
that a real lawyer
would have a much better idea of what should go into
such a letter
than I would, anyway.
--
Kyle Maxwell
[krmaxwell@gmail.com]
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
