Hey all,

Yep, I get that many assortment of connection attempts to the various ports
described here. Indeed, portmapper is really the favorite on my machine
lately :-) .

What a typo I had below - I meant to say that contacting Barak is extremely
UNuseful !... :-) 
I talked to them on the phone, contacted them by mail (abuse@...), and
suggested my immediate sending of the details of the IPs I get scanned from
(and indeed, all the log information I have) live, while this is still
happening - zero response.

Anyway, if there's anything to do I thought it would have been in the
direction of live tracking of the sources of those scans. Many times the IP
I get the report the scans are coming from seems valid, but I know it might
be completely faked. But again, even suggesting Barak my online support
didn't create anything, so my conclusion is...

We just need to be happy that we are connecting through Linux, behind our
own firewall, and that we are knowledgeable enough to manage all this... :-)

boaz.


-----Original Message-----

This is happening all over, and not specific to Barak. Crackers, worms, and
other "mar'in-bishin", as well as legitimate entities such as search engines,
global load balancers, and research companies are continuously probing
random addresses throughout IP space, and you're going to see these scans
in every provider, unless your provider has a firewall in front of you.

I get connection attempts (as well as more "stealthy" packets) to various
ports all the time: telnet, ftp, lpd, portmapper (several Linux distributions
had holes in the last two, so crackers are trying to use it), Windows SMB
ports, trojan backdoor ports, and other crap I don't recognize. It does no
harm, but it proves to me every day why investing a few hours in learning
ipchains and why disabling most of the daemons on my home machine was a
smart move.



> BTW, obviously, Barak are extremely useful when I call them complaining
> about this situation that each time I connect through them I get scanned
> (god knows how many scans such as those were made when other people in my
> house connected via Windows).

Complaining to Barak won't do much good - it is not their fault, and there's
not much they can do about it except protect their network with a firewall
(and I know that I, for example, wouldn't want my dialup provider to enforce
its firewalling rules on me - I get enough of this crap at work).

What may help, in the long run, is looking at the IP addresses you get
connection attempts from, collecting this data from a large number of
volunteers (to screen out fake addresses - the issue of stealth scanning
is very complicated and interesting and I don't want to get into it right
now) and try to automatically find machines which may be "owned" (previously
broken into) and warn their owner. Very rarely do you see a connection attempt
from the direct source of the attack.

One time, when I logged in through Netvision, I was sent ping packets, once
every second, for several hours, from one IP address. This did me no harm
(my firewall blocked them), so I just ignored it, but it wasted my poor
modem's bandwidth, and filled my logfile with annoying messages... I don't
know why anyone would want to keep a ping process running on a specific
address in Netvision's dialup IP range, but I guess some idiot did...


-- 
Nadav Har'El                        |      Thursday, May 24 2001, 2 Sivan 5761
[EMAIL PROTECTED]                   |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Why do doctors call what they do
http://nadav.harel.org.il           |practice? Think about it.
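
The volunteer-correlation idea from the message above, sketched as an added example (not code from either poster): it parses ipchains `Packet log:` lines submitted by several reporters and keeps only source addresses that at least two distinct reporters saw. The reporter names, sample log lines and the `min_reporters` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# ipchains kernel log format:
# Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
LOG_RE = re.compile(
    r"Packet log: \S+ (?P<action>\S+) \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ \d+\.\d+\.\d+\.\d+:(?P<dport>\d+)")

def parse(line):
    """Return (src_ip, proto, dst_port) for a blocked packet, else None."""
    m = LOG_RE.search(line)
    if not m or m["action"] not in ("DENY", "REJECT"):
        return None
    return m["src"], int(m["proto"]), int(m["dport"])

def correlate(reports, min_reporters=2):
    """reports maps reporter id -> log lines. Keep sources seen by enough
    distinct reporters; a source only one person saw stays uncorroborated."""
    seen_by, probed = defaultdict(set), defaultdict(set)
    for reporter, lines in reports.items():
        for line in lines:
            rec = parse(line)
            if rec is None:
                continue  # not a blocked-packet line, or malformed
            src, proto, dport = rec
            seen_by[src].add(reporter)
            probed[src].add((proto, dport))
    return {src: sorted(probed[src])
            for src, who in seen_by.items() if len(who) >= min_reporters}

# Constructed sample logs (documentation address ranges, made-up reporters).
PFX = "May 24 10:01:02 gw kernel: Packet log: input "
TAIL = " L=60 S=0x00 I=4211 F=0x4000 T=52 SYN (#4)"
SAMPLE = {
    "volunteer-a": [
        PFX + "DENY ppp0 PROTO=6 192.0.2.10:3312 198.51.100.21:111" + TAIL,
        PFX + "ACCEPT ppp0 PROTO=6 192.0.2.99:4000 198.51.100.21:80" + TAIL,
    ],
    "volunteer-b": [
        PFX + "DENY ppp0 PROTO=6 192.0.2.10:3340 198.51.100.77:515" + TAIL,
        "May 24 10:01:05 gw kernel: truncated Packet log: input DENY",
    ],
    "volunteer-c": [
        PFX + "DENY ppp0 PROTO=6 203.0.113.7:1025 198.51.100.90:23" + TAIL,
    ],
}

if __name__ == "__main__":
    for src, ports in correlate(SAMPLE).items():
        print(src, "seen by multiple reporters, probed (proto, port):", ports)
```
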

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
