Saturday, January 26, 2019

High Deny inbound traffic from firewall devices, is it bad?

So my work basically is to monitor network traffic for a client, which pushes their devices' logs to us. Occasionally, there will be an active external host performing a network scan from time to time, which results in about a million occurrences within just an hour. But all of them are deny traffic. Upon checking the external IP at the AbuseIP database, there are some records of it.

I'm wondering, does deny traffic harm the network/devices? Is it worth contacting the client for a possible intrusion attempt, even though the firewall already blocked the traffic? How high could the threshold be for the network to break?


