Re: ISP and DNS port scanning!
On Tue, Nov 18, 2003 at 09:39:40PM -0600, Rthoreau wrote: > > On Tue, Nov 18, 2003 at 10:50:02PM +, Antony Gelberg wrote: > > > >Looks like a ping (ICMP type 8). Where do you get port scanning from? > > >FWIW, I think that blocking pings via a firewall isn't recommended, but > > >not sure why. > > Jon wrote: > > > It does not provide any kind of security or protection what-so-ever, > > whilst removing the proper way of other people / you from elsewhere > > determining if your connection is working ok. > > -- > > Jon Dowland > > http://jon.dowland.name/ > > What you have all said still does not sync, when I look at the Notes provided > in my log I can see what you mean it is a type 8 icmp code 0. Or whatever you > say that means, but the destination is another DNS server. > > This is a line taken from my my log again. > 11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, > code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK 14 > > Ok like I mentioned in my first post if I do a Arin Whois on address > 66.61.104.72 it tells me it is a DNS block. When I do a Arin Whois on the > destination 66.61.118.206 it is another DNS block, both happen to belong to > my ISP but in different cities. My cable modem action light is almost always > solid orange, which tells me I have a busy link even if I am not using the > net. > > So why am I getting pinged by a DNS server? Why are all the destinations > reported by my router log points to another DNS server? You're confused. All the whois tells you is that that the IP address belongs to an ISP. ISPs take large blocks of addresses to allocate to their clients. Nowhere does it say that the pinging host is a DNS server. A -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ISP and DNS port scanning!
> On Tue, Nov 18, 2003 at 10:50:02PM +, Antony Gelberg wrote: > >Looks like a ping (ICMP type 8). Where do you get port scanning from? > >FWIW, I think that blocking pings via a firewall isn't recommended, but > >not sure why. Jon wrote: > It does not provide any kind of security or protection what-so-ever, > whilst removing the proper way of other people / you from elsewhere > determining if your connection is working ok. -- > Jon Dowland > http://jon.dowland.name/ What you have all said still does not sync, when I look at the Notes provided in my log I can see what you mean it is a type 8 icmp code 0. Or whatever you say that means, but the destination is another DNS server. This is a line taken from my my log again. 11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK 14 Ok like I mentioned in my first post if I do a Arin Whois on address 66.61.104.72 it tells me it is a DNS block. When I do a Arin Whois on the destination 66.61.118.206 it is another DNS block, both happen to belong to my ISP but in different cities. My cable modem action light is almost always solid orange, which tells me I have a busy link even if I am not using the net. So why am I getting pinged by a DNS server? Why are all the destinations reported by my router log points to another DNS server? Even if I forwarded the ping to a DMZ or a safe machine, it would not find the machine, since I do not have any access to that network block. My Debian uses DHCP to log into my ISP through my router, my windows machine's use static IP's setup to log into my router. My router is a Zyxel ZyWall 2xw with 802.11b for wireless clients. I do not run any web, ftp, servers, and at the moment I do not have any ports forwarded to any machine. Its like a default setup with a hardware firewall and no ports open to the outside world. All passwords are changed, and wep is changed at a reasonable time frame. Everything works great, except I keep getting those recorded in my log. I could understand if the destination was my router, or a machine under the subnet but it is not. Also the source machines seem to change unlike the destination machine. That is the reason I wanted to ask all of you, I really do not know why this is happening. Rthoreau -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ISP and DNS port scanning!
On Tue, Nov 18, 2003 at 10:50:02PM +, Antony Gelberg wrote: > Looks like a ping (ICMP type 8). Where do you get port scanning from? > FWIW, I think that blocking pings via a firewall isn't recommended, but > not sure why. It does not provide any kind of security or protection what-so-ever, whilst removing the proper way of other people / you from elsewhere determining if your connection is working ok. -- Jon Dowland http://jon.dowland.name/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ISP and DNS port scanning!
On Tue, 18 Nov 2003 22:50:02 + Antony Gelberg <[EMAIL PROTECTED]> wrote: > On Tue, Nov 18, 2003 at 03:43:15PM -0600, Rthoreau wrote: > > Hello: fellow Debian users > > > > I was going over my router logs and noticed that I am getting port > > scanned from my ISP, this has been happening for a while but I > > haven't had the time to look into it untill now. I did a basic > > whois on the IP address and they show that it is my ISP, the > > destination is a DNS server that belongs to my ISP. > > > > Looks like a ping (ICMP type 8). Where do you get port scanning from? > FWIW, I think that blocking pings via a firewall isn't recommended, > but not sure why. > > A You also get helpstaff at ISPs keeping you talking on line, while they play games because they've learnt a little bit, and are bored out of their skulls. This has happened to me. He let too much slip in the conversation while he was playing. Script kiddies. Regards, David. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ISP and DNS port scanning!
On Tue, Nov 18, 2003 at 03:43:15PM -0600, Rthoreau wrote: > Hello: fellow Debian users > > I was going over my router logs and noticed that I am getting port scanned > from my ISP, this has been happening for a while but I haven't had the time > to look into it untill now. I did a basic whois on the IP address and they > show that it is my ISP, the destination is a DNS server that belongs to my > ISP. > Looks like a ping (ICMP type 8). Where do you get port scanning from? FWIW, I think that blocking pings via a firewall isn't recommended, but not sure why. A -- Now playing: Dream Theater - In The Name of God -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ISP and DNS port scanning!
Hello: fellow Debian users I was going over my router logs and noticed that I am getting port scanned from my ISP, this has been happening for a while but I haven't had the time to look into it untill now. I did a basic whois on the IP address and they show that it is my ISP, the destination is a DNS server that belongs to my ISP. I sent an E-mail to abuse to see what they are going to do about it, but I am in need of some knowledge? Is this common? is the DNS server trying to collect or verify information on my system? If so why? I did do a google search on DNS port scanning and denial of service, but did not turn up anything that would explain this. That is why I am asking for your suggestions. They seem to be sending it about every 30 seconds, so in effect they are using a denial of service against me. Below is a few lines of my router log. In this format-> Time Message Source Destination Notes 11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK 14 11/18/2003 14:53:20 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.30.31 66.61.118.206 ACCESS BLOCK 15 11/18/2003 14:53:08 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.81.46 66.61.118.206 ACCESS BLOCK 16 11/18/2003 14:52:45 Firewall default policy: ICMP (W to W/ZW, type:8, code:0) 66.61.123.234 66.61.118.206 ACCESS BLOCK 17 If this is common would someone please point me to a source to get more information. Thanks; Rthoreau at iwon dot com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Checking port scanning?
On Thu, Mar 22, 2001 at 10:20:42AM +0100, Frédéric de Villamil wrote: > Hi dude > just try porsentry, it's a nice scan detector > but be carefull: if you use portsentry and nmap your owncomputer, you'll find > numerous ports open you don't use the services as portsentry watch many ports > by default > have fun > fred > Portsentry is a nice start, but it misses a lot of stuff. Snort is much better, but is more work to configure. Big problem with portsentry is that it binds to the ports, and makes it appear that a particular exploit might be running on your machine, this is like blood in the water to the dumber variety of script kiddies. (the vaguely smarter ones figure out that an ip with a dozen backdoor exploits is probably not really running them) -- Jim Richardson Anarchist, pagan and proud of it WWW.eskimo.com/~warlock Linux, because life's too short for a buggy OS.
Re: Checking port scanning?
Re, "Noah L. Meyerhans" wrote: > On Thu, Mar 22, 2001 at 08:31:53AM -0600, Brooks R. Robinson wrote: > > > You may also want to try iplogger. Not only will this show ALL the ports in > > use, not just the ones you select in portsentry. Also, portsentry actually > > listens on those ports it is monitoring, so if you nmap yourself for > > security leaks, you'll see a plethora of ports open, don't freak. > > IIRC iplogger was obsoleted by ippl. There were some issues with remote > DoS attacks against hosts running iplogger. Ippl took care of those and > provides a more flexible logging mechanism. Ippl is one of the very > first packages I install on any Debian box in my control. Once you've > configured it right (i.e. told it not to log normal traffic like smtp > connections) the output can be very interesting. > you even should try snort. even a nice choice for port scanning and other strange attacks against your system MfG Daniel
Re: Checking port scanning?
On Thu, Mar 22, 2001 at 08:31:53AM -0600, Brooks R. Robinson wrote: > You may also want to try iplogger. Not only will this show ALL the ports in > use, not just the ones you select in portsentry. Also, portsentry actually > listens on those ports it is monitoring, so if you nmap yourself for > security leaks, you'll see a plethora of ports open, don't freak. IIRC iplogger was obsoleted by ippl. There were some issues with remote DoS attacks against hosts running iplogger. Ippl took care of those and provides a more flexible logging mechanism. Ippl is one of the very first packages I install on any Debian box in my control. Once you've configured it right (i.e. told it not to log normal traffic like smtp connections) the output can be very interesting. I could be mistaken, and confusing iplogger with some other package, but I don't think so. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpus6gAUqoGH.pgp Description: PGP signature
Re: Checking port scanning?
On Thu, Mar 22, 2001 at 08:31:53AM -0600, Brooks R. Robinson wrote: > > just try porsentry, it's a nice scan detector > > but be carefull: if you use portsentry and nmap your owncomputer, > > you'll find > > numerous ports open you don't use the services as portsentry > > watch many ports > > > > On Thursday 22 March 2001 01:35, Lars Jensen wrote: > > > How do I check if someone is scanning my ports, or hammering a certain > > > port with requests? > > You may also want to try iplogger. Not only will this show ALL the ports in > use, not just the ones you select in portsentry. Also, portsentry actually > listens on those ports it is monitoring, so if you nmap yourself for > security leaks, you'll see a plethora of ports open, don't freak. ippl is the replacement for iplogger iirc, ippl is more configurable and better then iplogger. use ippl instead. -- ,---. > Name: Alson van der Meulen < > Personal: [EMAIL PROTECTED] < > School: [EMAIL PROTECTED]< `---' And what does it mean 'rm: .o: No such file or directory'? -
RE: Checking port scanning?
> just try porsentry, it's a nice scan detector > but be carefull: if you use portsentry and nmap your owncomputer, > you'll find > numerous ports open you don't use the services as portsentry > watch many ports > > On Thursday 22 March 2001 01:35, Lars Jensen wrote: > > How do I check if someone is scanning my ports, or hammering a certain > > port with requests? You may also want to try iplogger. Not only will this show ALL the ports in use, not just the ones you select in portsentry. Also, portsentry actually listens on those ports it is monitoring, so if you nmap yourself for security leaks, you'll see a plethora of ports open, don't freak. HTH, Brooks
Re: Checking port scanning?
Hi dude just try porsentry, it's a nice scan detector but be carefull: if you use portsentry and nmap your owncomputer, you'll find numerous ports open you don't use the services as portsentry watch many ports by default have fun fred On Thursday 22 March 2001 01:35, Lars Jensen wrote: > How do I check if someone is scanning my ports, or hammering a certain > port with requests? > > Thanks for any help, > Lars. > > %%% > Lars Jensen, Truckee Meadows Community College, Reno NV 89512-3999. > Tel: 775.673.7113 E-mail: [EMAIL PROTECTED]
Re: Checking port scanning?
jail, ippl, or another icmp event logger. On Wed, 21 Mar 2001, Lars Jensen wrote: > >How do I check if someone is scanning my ports, or hammering a certain >port with requests? > >Thanks for any help, >Lars. > >%%% >Lars Jensen, Truckee Meadows Community College, Reno NV 89512-3999. >Tel: 775.673.7113 E-mail: [EMAIL PROTECTED] > > > -- Galt's sci-fi paradox: Stormtroopers versus Redshirts to the death. Who is John Galt? [EMAIL PROTECTED], that's who!
Re: Checking port scanning?
i use an application called portsentry made by psionic software logs to my syslog if im getting hammered it gets ip and server names quite a nifty little app and very easy to use and install
Checking port scanning?
How do I check if someone is scanning my ports, or hammering a certain port with requests? Thanks for any help, Lars. %%% Lars Jensen, Truckee Meadows Community College, Reno NV 89512-3999. Tel: 775.673.7113 E-mail: [EMAIL PROTECTED]
Re: Port Scanning
Depends on where you live. Usually yes. In Colorado, USA it's a misdemeanor crime. On Thu, 5 Aug 1999, Stephan Weaver wrote: > I was just wondering if portscanning was illegal? > > Stephan Weaver > > _ > Do You Yahoo!? > Free instant messaging and more at http://messenger.yahoo.com > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > > +---++ | Nate Duehr - [EMAIL PROTECTED]| Support Amateur Radio & Linux! | | Private Pilot, Telephony Engineer | Ham Callsign: N0NTZ | | UNIX Hack, Perl Hack, Tech-Freak | Grid Square: DM79 | | | "May the Source be with you." | +---++ | HamRadio and Linux mailing lists available for interested parties: | |http://www.natetech.com/mailman/listinfo| ++
Port Scanning
I was just wondering if portscanning was illegal? Stephan Weaver _ Do You Yahoo!? Free instant messaging and more at http://messenger.yahoo.com
Re: Port Scanning
Graham Lillico +44 1785 248131 <[EMAIL PROTECTED]> writes: > Just a quick question regarding port scanning, how do you tell that you have > been scanned > I assume it shows up in the log files. The package courtney can do this monitoring. It will report to syslog and also mail root about an incident. Also xinetd (and maybe inetd as well, don't know) can report any connection made to the system. Ciao, Martin -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
> Just a quick question regarding port scanning, how do you tell that you have > been scanned > I assume it shows up in the log files. not necessarily. if you are running tcplogd (from the iplogger package) then you get a line like below for every tcp (this does NOT get ucp or icmp packets) connection to your host: Feb 25 01:12:01 badger tcplogd: smtp connection attempt from nowhere.org tcpwrappers will also log connections to services and attempt to ident the user at the host the request came from (though ident requests are easily forged). Feb 22 12:19:50 badger wu-ftpd[5222]: connect from [EMAIL PROTECTED] the only *real* way to enable firewalling in your kernel and write a firewall using ipfwadm. the key for logging is a line like this at the end of your allow list: ipfwadm -I -a deny -S $ANYWHERE -D $HOST -o where $ANYWHERE = 0.0.0.0/0 and $HOST = your ip with this setup you can log basically any connection, and in fact if you want to can even log traffic that was broadcast on the same segment but wasn't actually for you (so you can watch for people sending RFC1918 addresses). > Alos if you decide to implement a firewall then you might want to check > out TIS at www.tis.com (if i remember correctly) as the do a free > firewall toolkit, you may also want to check out the socks package as > well. the tis stuff and socks isn't really for protecting a host, they are for protecting a network behind a host which is acting as a router/gateway/proxy. adam. Internet Alaska - 4050 Lake Otis Adam Shand(v) +1 907 562 4638 Anchorage, AlaskaSystems Administrator (f) +1 907 562 1677 - http://larry.earthlight.co.nz -- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
>> I think you could design a perl script or some kind of script for that if a >> icmp/udp/tcp is being done to your system at x amount of time you could use >> ipfwadm to block it. ipfwadm is a very powerful tool. I used to be port >> scanned daily and icmp attack, use ipfwadm to block it. >> >> > >> > >> > > > Is there anything out there to stop people from port scanning my system ? >> > > > I had someone last night scan my system from port 1 to 50,000 ! >> > > >> > > Firewalling or tcp_wrappers configured the right way. Just a quick question regarding port scanning, how do you tell that you have been scanned I assume it shows up in the log files. Alos if you decide to implement a firewall then you might want to check out TIS at www.tis.com (if i remember correctly) as the do a free firewall toolkit, you may also want to check out the socks package as well. Regards Graham >> > >> > tcp-wrappers will not stop you from being scanned. even if the port is >> > wrapped it will still show up as an open port to a scan. you also can't >> > wrap udp services. >> > >> > if you are paranoid enough that this is an issue i suggest you break out >> > a firewall book and ipfwadm and decide who exactly you want to be able to >> > talk to what on your box. >> > >> > > There is nmap in hamm that does the port scanning. >> > >> > there is also strobe that comes with the netdiag package... it's very >> > good. >> > >> > adam. >> > >> > Internet Alaska - >> > 4050 Lake OtisAdam Shand(v) +1 907 562 4638 >> > Anchorage, AlaskaSystems Administrator (f) +1 907 562 1677 >> > - http://larry.earthlight.co.nz -- >> > >> > >> > >> > -- >> > TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to >> > [EMAIL PROTECTED] . >> > Trouble? e-mail to [EMAIL PROTECTED] . >> > >> > >> >> >> -- >> >> >> _ ,/| Chi Wong >>'\O.O'"Life is a shitload of TESTS !" >>=(_ _)= [EMAIL PROTECTED] >> |U| [EMAIL PROTECTED] >> / | [EMAIL PROTECTED] >>//| \http://www.cif.rochester.edu/~phreak/main.html >> >> >> >> -- >> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to >> [EMAIL PROTECTED] . >> Trouble? e-mail to [EMAIL PROTECTED] . -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
I think you could design a perl script or some kind of script for that if a icmp/udp/tcp is being done to your system at x amount of time you could use ipfwadm to block it. ipfwadm is a very powerful tool. I used to be port scanned daily and icmp attack, use ipfwadm to block it. > > > > > Is there anything out there to stop people from port scanning my system ? > > > I had someone last night scan my system from port 1 to 50,000 ! > > > > Firewalling or tcp_wrappers configured the right way. > > tcp-wrappers will not stop you from being scanned. even if the port is > wrapped it will still show up as an open port to a scan. you also can't > wrap udp services. > > if you are paranoid enough that this is an issue i suggest you break out > a firewall book and ipfwadm and decide who exactly you want to be able to > talk to what on your box. > > > There is nmap in hamm that does the port scanning. > > there is also strobe that comes with the netdiag package... it's very > good. > > adam. > > Internet Alaska - > 4050 Lake Otis Adam Shand(v) +1 907 562 4638 > Anchorage, AlaskaSystems Administrator (f) +1 907 562 1677 > - http://larry.earthlight.co.nz -- > > > > -- > TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to > [EMAIL PROTECTED] . > Trouble? e-mail to [EMAIL PROTECTED] . > > -- _ ,/| Chi Wong '\O.O'"Life is a shitload of TESTS !" =(_ _)= [EMAIL PROTECTED] |U| [EMAIL PROTECTED] / | [EMAIL PROTECTED] //| \http://www.cif.rochester.edu/~phreak/main.html -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
On Tue, 24 Feb 1998, Ian Eure wrote: > You might want to look at Abacus Sentry- you can get it from www.psionic.com > > matthew tebbens wrote: > > > Is there anything out there to stop people from port scanning my system ? > > I had someone last night scan my system from port 1 to 50,000 ! > > > > I heard that there is a portscand out there somewhere, if so where ? I downloaded, went over the README, configured, ran make, *and* did a few quick tests of the Abacus Sentry program tonight in 10 minutes. It's easy to setup and works great. --Rob -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
> > Is there anything out there to stop people from port scanning my system ? > > I had someone last night scan my system from port 1 to 50,000 ! > > Firewalling or tcp_wrappers configured the right way. tcp-wrappers will not stop you from being scanned. even if the port is wrapped it will still show up as an open port to a scan. you also can't wrap udp services. if you are paranoid enough that this is an issue i suggest you break out a firewall book and ipfwadm and decide who exactly you want to be able to talk to what on your box. > There is nmap in hamm that does the port scanning. there is also strobe that comes with the netdiag package... it's very good. adam. Internet Alaska - 4050 Lake Otis Adam Shand(v) +1 907 562 4638 Anchorage, AlaskaSystems Administrator (f) +1 907 562 1677 - http://larry.earthlight.co.nz -- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
> Is there anything out there to stop people from port scanning my system ? > I had someone last night scan my system from port 1 to 50,000 ! > > I heard that there is a portscand out there somewhere, if so where ? There is a nice little package called abacus-sentry that runs as a daemon and watches for this type of stuff. Once it detects an "attack" it can either auto drop route to the offender and /or add a ipfwadm firewall rule. It works pretty good here and is very configurable as to what actions it takes and what port ranges you want to watch for. More information and its capabilities are available at http://www.psionic.com. ** Bill West Houston TX email: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ** Linux = The choice of a GNU generation ** There are two kinds of people, those who do the work and those who take the credit. Try to be in the first group; there is less competition there. -Indira Gandhi- ** -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
matthew tebbens wrote: > > > Is there anything out there to stop people from port scanning my system ? > I had someone last night scan my system from port 1 to 50,000 ! Firewalling or tcp_wrappers configured the right way. > I heard that there is a portscand out there somewhere, if so where ? There is nmap in hamm that does the port scanning. Tim -- (work) [EMAIL PROTECTED] / (home) [EMAIL PROTECTED] - http://www.buoy.com/~tps A true friend knows who you are but likes you anyway. ** Disclaimer: My views/comments/beliefs, as strange as they are, are my own.** -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
You might want to look at Abacus Sentry- you can get it from www.psionic.com matthew tebbens wrote: > Is there anything out there to stop people from port scanning my system ? > I had someone last night scan my system from port 1 to 50,000 ! > > I heard that there is a portscand out there somewhere, if so where ? > > Thanks, > Matthew > > -- > TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to > [EMAIL PROTECTED] . > Trouble? e-mail to [EMAIL PROTECTED] . -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Port Scanning
On Tue, 24 Feb 1998, matthew tebbens wrote: > Is there anything out there to stop people from port scanning my system ? > I had someone last night scan my system from port 1 to 50,000 ! > > I heard that there is a portscand out there somewhere, if so where ? You can't stop them beforehand. You can prevent access subsequently with ipfwadm and a kernel with firewalling compiled into it (prevent access from just that host, or that subnet). If you're very paranoid you could set up your firewall to deny all services by default and only let in connections on services which you feel are essential. If cracking is actively occurring, contact their provider to have them thrown off and/or prosecuted, and probably switch to ssh exclusively for remote login and switch off telnet, ftp, imap, rlogin, rexec, etc. etc. Probably, the worst that they're doing is growing your logfiles because you've got iplogger installed. Thomas. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Port Scanning
Is there anything out there to stop people from port scanning my system ? I had someone last night scan my system from port 1 to 50,000 ! I heard that there is a portscand out there somewhere, if so where ? Thanks, Matthew -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .