Prot probes
Barnett, Blake
bbarnett@bloodsystems.org
Fri, 7 Jul 2000 09:37:20 -0700
Another fun trick is to download or create a simple logging daemon that
listens to a port and finds out exactly what they are probing for...
attrition.org has one...
* Blake
-----Original Message-----
From: sinck@owmyeye.ugive.com [mailto:sinck@owmyeye.ugive.com]
Sent: Friday, July 07, 2000 7:53 AM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: Prot probes
\_ I have just got everything up with @home this past weekend. I am so
\_ glad. I check my firewall every night to see what is going on. In
\_ my log file have started to see a pattern to some probes. I seem to
\_ get a lot from Cox at home and Cox at work.
This is a bit severe, but try:
ipchains -A input -j REJECT -p tcp 24.0.0.0/8 -y -d <your-ip> 0:65535
That'll definitely mask off those annoying cox@ probes. As well as a
whole host of other folks, but why are they trying to see your box
anyway? :-)
IIRC, some dig'ing found that cox went 24.1 - 24.14 a while back.
David
_______________________________________________
Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss