@home security scans

Furmanek, Greg Greg.Furmanek@hit.cendant.com
Fri, 10 Mar 2000 11:30:56 -0500


oooh.. The big brother is looking for news groups servers.

Check your /etc/services to find out what they are looking for.

If you are with Cox or any other full-time connection you should
have a firewall running, denying anything you do not want to serve to
the world.
Otherwise you are vulnerable!

Check out:
	Firewall-HOWTO
	Ipchains-HOWTO
	

The Wolf

-----Original Message-----
From: Shawn T. Rutledge [mailto:rutledge@cx47646-a.phnx1.az.home.com]
Sent: Thursday, March 09, 2000 8:31 PM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: Re: @home security scans


On Thu, Mar 09, 2000 at 07:03:30PM -0800, Todd Jamison wrote:
> I installed psionic portsentry tonight and I noticed
> that authorized-scan.security.home.net/24.0.94.130
> tried to connect to tcp 119 on my pc.  Is this a
> random scan or is it something I should be worried
> about???  What happens if they find out that I am
> running Linux???

They won't care about that but if you're running any kind of "server"
software (apache, sendmail, ftpd, telnetd etc) I recommend

ipfwadm -I -a deny -S 24.0.0.0/8

 - a good security precaution as well as preventing them from finding out
what ports you have open.  And you will also have to make exceptions for
the DNS servers, web server, news server and any other @home machines you
need to access.  For example, 

ipfwadm -I -a accept -S 24.1.240.33/32
ipfwadm -I -a accept -S 24.1.240.34/32
ipfwadm -I -a accept -S 24.1.240.71/32

Put those rules in before the "deny" rule because the first matching rule
will set the policy.  And of course the syntax is different for ipchains
(for kernels in the 2.2 series).

Lessee... port 119 is nntp so evidently they were looking for rogue news 
servers.

-- 
  _______                                     http://www.bigfoot.com/~ecloud
 (_  | |_)  ecloud@bigfoot.com   finger rutledge@cx47646-a.phnx1.az.home.com
 __) | | \__________________________________________________________________
 Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903

_______________________________________________
Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
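
An added example, not part of the original thread: a small Python model of the first-match rule ordering described in the quoted message, using the source networks from its ipfwadm commands, plus a check that flags rules made unreachable by an earlier, broader rule. The function names, the `192.0.2.10` test address and the default `accept` policy are assumptions, and only source-address matching is modelled.

```python
import ipaddress

# Rules from the thread as (action, source network), in the order they are appended.
GOOD_ORDER = [
    ("accept", "24.1.240.33/32"),
    ("accept", "24.1.240.34/32"),
    ("accept", "24.1.240.71/32"),
    ("deny", "24.0.0.0/8"),
]
# Same rules with the deny appended first (the ordering the post warns against).
BAD_ORDER = [GOOD_ORDER[-1]] + GOOD_ORDER[:-1]

DEFAULT_POLICY = "accept"  # assumption: what happens when no rule matches


def parse(rules):
    return [(action, ipaddress.ip_network(net)) for action, net in rules]


def decide(rules, src, default=DEFAULT_POLICY):
    """Return the action of the first rule whose source network contains src."""
    addr = ipaddress.ip_address(src)
    for action, net in parse(rules):
        if addr in net:
            return action
    return default


def shadowed(rules):
    """List rules that can never fire because an earlier rule covers their whole range."""
    parsed = parse(rules)
    hits = []
    for i, (action, net) in enumerate(parsed):
        for earlier_action, earlier_net in parsed[:i]:
            if net.subnet_of(earlier_net):
                hits.append((f"{action} {net}", f"{earlier_action} {earlier_net}"))
                break
    return hits


if __name__ == "__main__":
    for name, rules in (("accept-first", GOOD_ORDER), ("deny-first", BAD_ORDER)):
        print(name)
        # 24.0.94.130 is the scanning host from the thread; 192.0.2.10 is constructed.
        for src in ("24.1.240.33", "24.0.94.130", "192.0.2.10"):
            print(f"  {src:<14} -> {decide(rules, src)}")
        for rule, by in shadowed(rules):
            print(f"  unreachable: '{rule}' is shadowed by '{by}'")
```
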