Firewall Logs

  • Thread starter: Guest
What should I be doing with the information in the firewall log? Should I be trying to learn who the IP addresses represent? Something else? Or just be happy that the firewall stopped them?
 
Yep. Be thankful that your firewall stopped 'em.

Quite honestly, most of the packets containing malicious
code are wholly impersonal. They'd have been generated
from an infected computer by a worm randomly scanning
1000's of I.P. addresses.

Backtracing them all would consume a lot of time and
energy. However, if you notice one address in particular is
persistently scanning your ports, then you *could* report
the incident to the I.S.P. in charge of the domain from
where the traffic is originating. They *may* ask the owner
of the wormy P.C. to clean it up, or, if it seems more
likely to have been a determined hacking attempt, the
I.S.P. *might* withdraw services from the guilty party.

I would hesitate toward taking this course of action
until I had exported the packet captures to isc/the
firewall provider for expert analysis.

All too often, an innocent cookie request by a webpage can
look like a smurf attack to the untrained eye, and vice
versa.

Sadie
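
One way to do the triage described in the reply above, as an added example that is not part of the original thread: it separates one-off background probes from a source that keeps probing several ports over several days. The log format, sample entries, function names and thresholds are constructed assumptions; the parser would need adapting to a real firewall's format.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample entries in a made-up format (not any vendor's real log):
# ISO timestamp, action, protocol, source IP, destination port
SAMPLE_LOG = """\
2024-03-01T02:14:09 BLOCK TCP 198.51.100.7 445
2024-03-01T03:40:51 BLOCK TCP 203.0.113.50 22
2024-03-01T03:40:52 BLOCK TCP 203.0.113.50 23
2024-03-01T09:12:30 BLOCK TCP 192.0.2.33 1433
2024-03-01T09:12:31 BLOCK TCP 192.0.2.33 1433
2024-03-01T10:00:00 ALLOW TCP 192.0.2.10 443
2024-03-02T04:05:17 BLOCK TCP 203.0.113.50 80
2024-03-02T11:22:43 BLOCK TCP 198.51.100.99 445
this line is truncated
2024-03-03T04:06:02 BLOCK TCP 203.0.113.50 3389
2024-03-03T11:25:10 BLOCK TCP 198.51.100.99 445
2024-03-04T11:21:37 BLOCK TCP 198.51.100.99 445
"""

def parse_line(line):
    """Return (timestamp, action, src_ip, dst_port), or None if malformed."""
    try:
        when, action, _proto, src, port = line.split()
        return datetime.fromisoformat(when), action, src, int(port)
    except ValueError:  # wrong field count, bad timestamp or bad port
        return None

def summarize(log_text):
    """Per source IP: days seen, ports probed and hit count (blocked only)."""
    stats = defaultdict(lambda: {"days": set(), "ports": set(), "hits": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] != "BLOCK":
            continue
        ts, _, src, port = rec
        stats[src]["days"].add(ts.date())
        stats[src]["ports"].add(port)
        stats[src]["hits"] += 1
    return dict(stats)

def persistent_sources(log_text, min_days=3, min_ports=3):
    """Sources seen on several days AND probing several ports (assumed thresholds)."""
    return sorted(src for src, s in summarize(log_text).items()
                  if len(s["days"]) >= min_days and len(s["ports"]) >= min_ports)

if __name__ == "__main__":
    print(persistent_sources(SAMPLE_LOG))
```

With the constructed sample, the single-port source that returns daily on 445 is not flagged at the default thresholds, which matches the worm-like background noise the reply describes; lowering `min_ports` to 1 surfaces it as well.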
 