oooh.. The big brother is looking for news groups servers. check your /etc/services to find out what they are looking for. If you are with cox or any other full time connection you should have firewall running denying anything you do not want to serve to the world. Otherwise you are vulnerable! Check out: Firewall-HOWTO Ipchains-HOWTO The Wolf -----Original Message----- From: Shawn T. Rutledge [mailto:rutledge@cx47646-a.phnx1.az.home.com] Sent: Thursday, March 09, 2000 8:31 PM To: plug-discuss@lists.PLUG.phoenix.az.us Subject: Re: @home security scans On Thu, Mar 09, 2000 at 07:03:30PM -0800, Todd Jamison wrote: > I installed psionic portsentry tonight and i noticed > that authorized-scan.security.home.net/24.0.94.130 > tried to connect to tcp 119 on my pc. Is this a > random scan or is it something I should be worried > about??? What happens if they find out that I am > running Linux??? They won't care about that but if you're running any kind of "server" software (apache, sendmail, ftpd, telnetd etc) I recommend ipfwadm -I -a deny -S 24.0.0.0/8 - a good security precaution as well as preventing them from finding out what ports you have open. And you will also have to make exceptions for the DNS servers, web server, news server and any other @home machines you need to access. For example, ipfwadm -I -a accept -S 24.1.240.33/32 ipfwadm -I -a accept -S 24.1.240.34/32 ipfwadm -I -a accept -S 24.1.240.71/32 Put those rules in before the "deny" rule because the first matching rule will set the policy. And of course the syntax is different for ipchains (for kernels in the 2.2 series). Lessee... port 119 is nntp so evidently they were looking for rogue news servers. -- _______ http://www.bigfoot.com/~ecloud (_ | |_) ecloud@bigfoot.com finger rutledge@cx47646-a.phnx1.az.home.com __) | | \__________________________________________________________________ Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903 _______________________________________________ Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss