On Fri, Mar 10, 2000 at 09:43:40AM -0700, sinck@corp.quepasa.com wrote: > And, in the FWIW department, I think 24.0.0.0/8 will block more than > @home, which the last report on PLUG I saw was only 24.1.x.x - > 24.14.x.x . Yeah it also blocks speedchoice, maybe others. But the trouble is I've never seen a definitive answer on what their subnet really is. This guy got scanned from a 24.0 address so evidently it goes beyond 24.1 - 24.14. > > \_ Actually, they may wise up and start running those scans from a > \_ nameserver. (It's what I would do.) Then you would have to allow DNS > \_ through while blocking all other ports from that IP, instead of blanket > \_ denying the IP. > > What I'm more concerened with is if they don't scan from 24.x..... Yep. I would hope they don't get that paranoid. Anyway there's still nothing I could do AFAIK to prevent a passive detection method (if they simply snoop all the packets and look for tcp packets going through to port 80 and getting a reply). But when I was on the unix@home mailing list (now defunct AFAICT) there were a lot of people reporting that they got portscanned. So I think that is their usual detection method. -- _______ http://www.bigfoot.com/~ecloud (_ | |_) ecloud@bigfoot.com finger rutledge@cx47646-a.phnx1.az.home.com __) | | \__________________________________________________________________ Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903