Actually, they may wise up and start running those scans from a nameserver. (It's what I would do.) Then you would have to allow DNS through while blocking all other ports from that IP, instead of blanket denying the IP. "Shawn T. Rutledge" wrote: > > On Thu, Mar 09, 2000 at 07:03:30PM -0800, Todd Jamison wrote: > > I installed psionic portsentry tonight and i noticed > > that authorized-scan.security.home.net/24.0.94.130 > > tried to connect to tcp 119 on my pc. Is this a > > random scan or is it something I should be worried > > about??? What happens if they find out that I am > > running Linux??? > > They won't care about that but if you're running any kind of "server" software > (apache, sendmail, ftpd, telnetd etc) I recommend > > ipfwadm -I -a deny -S 24.0.0.0/8 > > - a good security precaution as well as preventing them from finding out > what ports you have open. And you will also have to make exceptions for > the DNS servers, web server, news server and any other @home machines you > need to access. For example, > > ipfwadm -I -a accept -S 24.1.240.33/32 > ipfwadm -I -a accept -S 24.1.240.34/32 > ipfwadm -I -a accept -S 24.1.240.71/32 > > Put those rules in before the "deny" rule because the first matching rule > will set the policy. And of course the syntax is different for ipchains > (for kernels in the 2.2 series). > > Lessee... port 119 is nntp so evidently they were looking for rogue news > servers. > > -- > _______ http://www.bigfoot.com/~ecloud > (_ | |_) ecloud@bigfoot.com finger rutledge@cx47646-a.phnx1.az.home.com > __) | | \__________________________________________________________________ > Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903 > > _______________________________________________ > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Digital Wokan Tribal mage of the electronics age Guerilla Linux Warrior