Add a new rule in your router and firewall to drop any packets from the offending IP addresses (or network) scanning your network. Next, do a trace route (tracert) on these IP addresses and notify the ISP where the attacks are originating from -- chances are the ISP may have been hacked and they don't know it.
As for the severity of the attempts, carefully consider the following:
- Review your firewall logs as far back as you can and observe "accepted" connections and follow through.
- Review your server logs for security compromise and enable auditing, if not already done.
- Make a backup of your firewall logs and keep a printed copy available for quick reference.
- Check your firewall settings and make sure it's properly configured (e.g., to prevent spoofing).
- Update your firewall and servers with the latest "tested" service packs and security hotfixes.
- Visit http://www.cybercrime.gov/reporting.htm to learn if you are the victim of a computer crime and take the appropriate course of action.
- Define alarms and configure your router, firewall, and servers to notify you immediately.
- Closely monitor your router, firewall, and server logs moving forward.
- Read up on script kiddies.
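The first item in the list, reviewing firewall logs for "accepted" connections, can be scripted. The sketch below is an added example, not part of the original answer: it flags sources whose dropped packets touched many distinct ports, then lists every connection the firewall accepted from those same sources. The log format, the sample lines, the function names and the five-target threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log in a made-up key=value format (not any vendor's).
SAMPLE_LOG = """\
2002-11-03T10:15:01 DROP src=203.0.113.7 dst=192.0.2.10 dport=21
2002-11-03T10:15:01 DROP src=203.0.113.7 dst=192.0.2.10 dport=23
2002-11-03T10:15:02 DROP src=203.0.113.7 dst=192.0.2.10 dport=135
2002-11-03T10:15:02 DROP src=203.0.113.7 dst=192.0.2.10 dport=139
2002-11-03T10:15:03 DROP src=203.0.113.7 dst=192.0.2.10 dport=445
2002-11-03T10:15:04 ACCEPT src=203.0.113.7 dst=192.0.2.10 dport=80
2002-11-03T10:16:40 ACCEPT src=198.51.100.20 dst=192.0.2.10 dport=80
2002-11-03T10:17:12 DROP src=198.51.100.20 dst=192.0.2.10 dport=8080
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse(log_text):
    """Return one dict per well-formed line; skip anything else."""
    matches = (LINE_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def find_scanners(events, min_targets=5):
    """Sources whose dropped packets hit at least min_targets distinct dst:port pairs.
    The threshold is an assumed value; tune it to your own traffic."""
    targets = defaultdict(set)
    for e in events:
        if e["action"] == "DROP":
            targets[e["src"]].add((e["dst"], e["dport"]))
    return {src for src, hit in targets.items() if len(hit) >= min_targets}

def accepted_from(events, scanners):
    """Accepted connections from scanning sources: the ones to follow through."""
    return [e for e in events if e["action"] == "ACCEPT" and e["src"] in scanners]

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    scanners = find_scanners(events)
    for e in accepted_from(events, scanners):
        print(f'{e["ts"]} {e["src"]} -> {e["dst"]}:{e["dport"]} was ACCEPTED')
```

Each accepted connection it reports is a starting point for the server-log review in the next list item.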
This was first published in November 2002