@home security scans
Shawn T. Rutledge
rutledge@cx47646-a.phnx1.az.home.com
Fri, 10 Mar 2000 10:13:27 -0700
On Fri, Mar 10, 2000 at 09:43:40AM -0700, sinck@corp.quepasa.com wrote:
> And, in the FWIW department, I think 24.0.0.0/8 will block more than
> @home, which the last report on PLUG I saw was only 24.1.x.x -
> 24.14.x.x .
Yeah it also blocks speedchoice, maybe others. But the trouble is I've
never seen a definitive answer on what their subnet really is. This guy
got scanned from a 24.0 address so evidently it goes beyond 24.1 - 24.14.
>
> \_ Actually, they may wise up and start running those scans from a
> \_ nameserver. (It's what I would do.) Then you would have to allow DNS
> \_ through while blocking all other ports from that IP, instead of blanket
> \_ denying the IP.
>
> What I'm more concerened with is if they don't scan from 24.x.....
Yep. I would hope they don't get that paranoid. Anyway there's still
nothing I could do AFAIK to prevent a passive detection method (if they
simply snoop all the packets and look for tcp packets going through to
port 80 and getting a reply). But when I was on the unix@home mailing
list (now defunct AFAICT) there were a lot of people reporting that they
got portscanned. So I think that is their usual detection method.
--
_______ http://www.bigfoot.com/~ecloud
(_ | |_) ecloud@bigfoot.com finger rutledge@cx47646-a.phnx1.az.home.com
__) | | \__________________________________________________________________
Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903