On Fri, Mar 10, 2000 at 09:43:40AM -0700, sinck@corp.quepasa.com wrote:
> And, in the FWIW department, I think 24.0.0.0/8 will block more than
> @home, which the last report on PLUG I saw was only 24.1.x.x -
> 24.14.x.x .  

Yeah it also blocks speedchoice, maybe others.  But the trouble is I've
never seen a definitive answer on what their subnet really is.  This guy
got scanned from a 24.0 address so evidently it goes beyond 24.1 - 24.14.
> 
> \_ Actually, they may wise up and start running those scans from a
> \_ nameserver.  (It's what I would do.)  Then you would have to allow DNS
> \_ through while blocking all other ports from that IP, instead of blanket
> \_ denying the IP.
> 
> What I'm more concerened with is if they don't scan from 24.x.....

Yep.  I would hope they don't get that paranoid.  Anyway there's still
nothing I could do AFAIK to prevent a passive detection method (if they
simply snoop all the packets and look for tcp packets going through to
port 80 and getting a reply).  But when I was on the unix@home mailing
list (now defunct AFAICT) there were a lot of people reporting that they
got portscanned.  So I think that is their usual detection method.

-- 
  _______                                     http://www.bigfoot.com/~ecloud
 (_  | |_)  ecloud@bigfoot.com   finger rutledge@cx47646-a.phnx1.az.home.com
 __) | | \__________________________________________________________________
 Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903