He has a firewall in place. I think the question here is what
do you do about the scans that continue to come, but don't get through ?
The scans will continue to come, even if you lock the doors. In
my experience, one out of 40-50 contacts will even get back, and
none ever gave me any good information about the person that was
trying to attack me, or even just queries that were obvious
misconfigurations I never heard back on.
The question that I have is what do others do with these. Lots of them
come from RIPE networks, ever get through them to the user or
netadmin ???
Don
>From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
>Sent: Friday, December 15, 2000 1:00 PM
>Install one of the various firewalls or packet filters to block such
>actions.
>Thanks,
>Ron DuFresne
On Fri, 15 Dec 2000, Charles Luo wrote:
> hi, guys
>
> A few days ago, I installed snort-1.3.6 on one of my company LAN machines.
By checking log files daily, I found that our firewalls are scanned 3-4
times daily, . Some of them scan normal ports, such as 80, 8080, 111; but
some of them scan ports like 1243, 21, 22, 1080 etc . I suppose that the
people scan the later ones could have some tendencies in mind.
>
> So, can anyone suggest me how to keep those scannings away ? If it is
unavoidable, what I should do in order to reduce the damage as lower as
possible?
>
> Thank you in advance,
> Charles
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
