Prot probes

Barnett, Blake bbarnett@bloodsystems.org
Fri, 7 Jul 2000 09:37:20 -0700


Another fun trick is to download or create a simple logging daemon that
listens to a port and finds out exactly what they are probing for...
attrition.org has one...

*  Blake


-----Original Message-----
From: sinck@owmyeye.ugive.com [mailto:sinck@owmyeye.ugive.com]
Sent: Friday, July 07, 2000 7:53 AM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: Prot probes




\_ I have just got everything up with @home this past weekend. I am so
\_ glad. I check my firewall every night to see what is going on. In
\_ my log file have started to see a pattern to some probes. I seem to
\_ get a lot from Cox at home and Cox at work. 

This is a bit severe, but try:

ipchains -A input -j REJECT -p tcp 24.0.0.0/8 -y -d <your-ip> 0:65535

That'll definitely mask off those annoying cox@ probes.  As well as a
whole host of other folks, but why are they trying to see your box
anyway? :-)

IIRC, some dig'ing found that cox went 24.1 - 24.14 a while back.

David

_______________________________________________
Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss