@home security scans

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M.Msinck@corp.quepasa.comsinckcorp.quepasa.com at <-
MMMMark R. Myers at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: MarkR.Myersmmyers@pamarq.com
Date:  
Subject: @home security scans
I am glad that with DSL, I can choose my ISP. I switched from USWest to
Fastq and they've been wonderful.
For $19.95/month +$9.95 for 8 static IPs, I can run anything I want. They
even help register my domain (pamarq.com) with their DNS.
I'm running web server, ftp server, and mail server with them, all with
their blessing.
Now I am only planning on using this for my personal use, but I still enjoy
the freedom.
I have not set up any web pages yet (so the default "you've set it up
correctly page" comes up), but am looking forward to being a little
creative.
Mark

----- Original Message -----
From: "Furmanek, Greg" <>
To: <>
Sent: Friday, March 10, 2000 9:30 AM
Subject: RE: @home security scans


> oooh.. The big brother is looking for news groups servers.
>
> check your /etc/services to find out what they are looking for.
>
> If you are with cox or any other full time connection you should
> have firewall running denying anything you do not want to serve to
> the world.
> Otherwise you are vulnerable!
>
> Check out:
> Firewall-HOWTO
> Ipchains-HOWTO
>
>
> The Wolf
>
> -----Original Message-----
> From: Shawn T. Rutledge [mailto:rutledge@cx47646-a.phnx1.az.home.com]
> Sent: Thursday, March 09, 2000 8:31 PM
> To:
> Subject: Re: @home security scans
>
>
> On Thu, Mar 09, 2000 at 07:03:30PM -0800, Todd Jamison wrote:
> > I installed psionic portsentry tonight and i noticed
> > that authorized-scan.security.home.net/24.0.94.130
> > tried to connect to tcp 119 on my pc. Is this a
> > random scan or is it something I should be worried
> > about??? What happens if they find out that I am
> > running Linux???
>
> They won't care about that but if you're running any kind of "server"
> software
> (apache, sendmail, ftpd, telnetd etc) I recommend
>
> ipfwadm -I -a deny -S 24.0.0.0/8
>
> - a good security precaution as well as preventing them from finding out

> what ports you have open. And you will also have to make exceptions for
> the DNS servers, web server, news server and any other @home machines you
> need to access. For example,
>
> ipfwadm -I -a accept -S 24.1.240.33/32
> ipfwadm -I -a accept -S 24.1.240.34/32
> ipfwadm -I -a accept -S 24.1.240.71/32
>
> Put those rules in before the "deny" rule because the first matching rule
> will set the policy. And of course the syntax is different for ipchains
> (for kernels in the 2.2 series).
>
> Lessee... port 119 is nntp so evidently they were looking for rogue news
> servers.
>
> --
> _______
http://www.bigfoot.com/~ecloud
> (_ | |_) finger

> __) | |
\__________________________________________________________________
> Get money for spare CPU cycles at
http://www.ProcessTree.com/?sponsor=5903
>
> _______________________________________________
> Plug-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> _______________________________________________
> Plug-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>





This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-@home security scans@home security scans->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)