Charles,
I hope to see a some replies to your query also, but I'm afraid that
there is not a lot that can
be done to stop the scans. I ran a firewall for site X the last 4 years, and
we would see many scans
every day. I had many discussions with those much more experienced and
better educated than I
about security, but never found a good answer.
What I did (for what it is worth :') is to watch the logs every day. I'd
get to know what was happening
after watching them for a while, and would try to make sure that we were
protected on the ports that
were scanned. Bugtraq is a mailing list that has lots of traffic on
vulnerabilities, and I'd watch that to keep
up with the latest problems and patches or work arounds. Sometimes I'd use
nmap to scan my network
for a particular port, if there were problems with that port, and do what I
could to secure that server
or turn off that port.
IMHO security is two parts. First, implement a good security plan, then
keeping ahead of those that
want to attack my resources. The first part is hard and takes some time
along with a willingness from
management to pay the cost both in $ and in political costs when you impact
a user in the name of
security. The second part is hard, but I enjoyed it. Kinda like a game. The
real goal is to make the cost
of attacking my machine (or yours) more expensive than the gain. Either in $
or time or whatever the
attacker is looking for. Make your system harder to compromise than mine,
and the attacker will go
for those that are easier or less costly.
Don
-----Original Message-----
From: Charles Luo [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 6:39 AM
To: [EMAIL PROTECTED]
Subject: How to keep port scannings away?
hi, guys
A few days ago, I installed snort-1.3.6 on one of my company LAN machines.
By checking log files daily, I found that our firewalls are scanned 3-4
times daily, . Some of them scan normal ports, such as 80, 8080, 111; but
some of them scan ports like 1243, 21, 22, 1080 etc . I suppose that the
people scan the later ones could have some tendencies in mind.
So, can anyone suggest me how to keep those scannings away ? If it is
unavoidable, what I should do in order to reduce the damage as lower as
possible?
Thank you in advance,
Charles
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
