Hi, here is another ATT customer with ATT Cable connected to Debian. I run auth,telnet(Dahh), sshd, exim, httpd accessible from most net but all other ports are blocked by ipchains. If you are worried about ATT scanning, use your providers ip range to block access to open ports.
Just plug NNTP ports when you install. See log and find out these authorized portscan. Then block those 2 IPs. Unless you run seruoisly high trafficking web server or something, cable company has no time to police you. You should be more concered about script kiddy running portscan on your machine. Remember that ATT say you can not use your conection to serve outside of your property but according to the contract it is OK to have masq box. If you talk to CS of ATT, they say differently, but CONTRACT is THE ONLY thing it conts in this contry. Good luck. Osamu > | AT&T @home service uses DHCP but the DHCP server always allocates the same > | IP to your box. This is done so that it's easier to rearrange IP addresses > | (for them) should they ever need to. However, the technicians are told to > | set the machine to the assigned static IP if anything goes wrong (and it's > | not uncommon for @home DHCP to be down). I've been using my static IP since > | I got the service because their DHCP (and DNS) was down the day it was > | installed. > | > | If you do get a broadband connection, be sure to setup a decent ipchains > | firewall script and/or run some sort of intrusion detection system because > | the broadband IP ranges are frequently scanned by hax0rs for vulnerable > | systems. AT&T @home scans all of their clients for news servers (port 119) > | routinely, so whatever you do, don't setup a news server -- even by mistake. > | > > Is there a general disapproval from service providers regarding > servers? I wasn't planning on a news server, but I do have a web > server and ftp server (in addtion to sshd) on my machine. If possible > I would also like to run a mailing list. > > Thanks (all who replied) for all the great info! > -D > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > -- + Osamu Aoki <[EMAIL PROTECTED]>, GnuPG-key: 1024D/D5DE453D + + Fingerprint: 814E BD64 3288 40E7 E88E 3D92 C3F8 EA94 D5DE 453D + + === http://www.aokiconsulting.com ======= Cupertino, CA USA === +
