Hi all,
I would like to know what steps we need to take if we detect a port scan or intrusion attempts on our network. I can find the IP address of the originating machine, but this is usually spoofed, so blocking the IP may not be a good solution. What would be the best way to block any further packets from them?
We are behind a firewall.
This is just for information purposes. Any links on this would also be good.