Intrusion Detection - Port Scan

[Eniigma]

I've picked up a number of intrusion detections on my firewall over the last few days.

The majority seem to be coming from a particular IP which I've traced to a very well know local company. i.e. A lookup on the IP points to a local company.

The question is what action can I / should I take?

I could contact them and ask them to cease and take action against the employee.


So far I don't think there has been any breach. Am I being paranoid?

 

[syntax]

I've picked up a number of intrusion detections on my firewall over the last few days.

The majority seem to be coming from a particular IP which I've traced to a very well know local company. i.e. A lookup on the IP points to a local company.

The question is what action can I / should I take?

I could contact them and ask them to cease and take action against the employee.


So far I don't think there has been any breach. Am I being paranoid?

I doubt this is a normal employee unless the companies security sucks.
I would contact the company. This sometimes happens when penetration tests are run, but they get the subnet wrong. IT then scans someone elses range as well.
No matter what, I would definitely contact the company, and if you get no joy, you can contact the ISP. It will get their attention

 

[Eniigma]

Will do.

Contacting thier ISP is might be pointless, when they are the largest telecom's and first tier in SA.

And I am pretty sure it is a static IP.

 

[Anthro]

The fact that you able to detect the intrusion, is good - means it did not succeed - yes ?
I would suggest contacting them - regardless of the size and reputation of the company.
I dont think that their security admin's will tolerate such behavior anyway. "Probeer is die beste geweer" as they say
Also, with regards to the ISP - they will take it seriously - as it's against TOS to DDOS... im sure ...