@home security scans

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDigitalWokanwokan@home.com at <-
MFurmanek, Greg at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: GregGreg.Furmanek@hit.cendant.com
Date:  
Subject: @home security scans
oooh.. The big brother is looking for news groups servers.

check your /etc/services to find out what they are looking for.

If you are with cox or any other full time connection you should
have firewall running denying anything you do not want to serve to
the world.
Otherwise you are vulnerable! 

Check out:
    Firewall-HOWTO
    Ipchains-HOWTO

    

The Wolf

-----Original Message-----
From: Shawn T. Rutledge [mailto:rutledge@cx47646-a.phnx1.az.home.com]
Sent: Thursday, March 09, 2000 8:31 PM
To:
Subject: Re: @home security scans


On Thu, Mar 09, 2000 at 07:03:30PM -0800, Todd Jamison wrote:
> I installed psionic portsentry tonight and i noticed
> that authorized-scan.security.home.net/24.0.94.130
> tried to connect to tcp 119 on my pc. Is this a
> random scan or is it something I should be worried
> about??? What happens if they find out that I am
> running Linux???

They won't care about that but if you're running any kind of "server"
software
(apache, sendmail, ftpd, telnetd etc) I recommend

ipfwadm -I -a deny -S 24.0.0.0/8

- a good security precaution as well as preventing them from finding out
what ports you have open. And you will also have to make exceptions for
the DNS servers, web server, news server and any other @home machines you
need to access. For example,

ipfwadm -I -a accept -S 24.1.240.33/32
ipfwadm -I -a accept -S 24.1.240.34/32
ipfwadm -I -a accept -S 24.1.240.71/32

Put those rules in before the "deny" rule because the first matching rule
will set the policy. And of course the syntax is different for ipchains
(for kernels in the 2.2 series).

Lessee... port 119 is nntp so evidently they were looking for rogue news
servers. 

-- 
  _______                                     http://www.bigfoot.com/~ecloud
 (_  | |_)     finger 
 __) | | \__________________________________________________________________
 Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903


_______________________________________________
Plug-discuss mailing list -
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss




This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-domains to reject@home security scans->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)