@home security scans
Shawn T. Rutledge
rutledge@cx47646-a.phnx1.az.home.com
Thu, 9 Mar 2000 20:30:45 -0700
On Thu, Mar 09, 2000 at 07:03:30PM -0800, Todd Jamison wrote:
> I installed psionic portsentry tonight and i noticed
> that authorized-scan.security.home.net/24.0.94.130
> tried to connect to tcp 119 on my pc. Is this a
> random scan or is it something I should be worried
> about??? What happens if they find out that I am
> running Linux???
They won't care about that but if you're running any kind of "server" software
(apache, sendmail, ftpd, telnetd etc) I recommend
ipfwadm -I -a deny -S 24.0.0.0/8
- a good security precaution as well as preventing them from finding out
what ports you have open. And you will also have to make exceptions for
the DNS servers, web server, news server and any other @home machines you
need to access. For example,
ipfwadm -I -a accept -S 24.1.240.33/32
ipfwadm -I -a accept -S 24.1.240.34/32
ipfwadm -I -a accept -S 24.1.240.71/32
Put those rules in before the "deny" rule because the first matching rule
will set the policy. And of course the syntax is different for ipchains
(for kernels in the 2.2 series).
Lessee... port 119 is nntp so evidently they were looking for rogue news
servers.
--
_______ http://www.bigfoot.com/~ecloud
(_ | |_) ecloud@bigfoot.com finger rutledge@cx47646-a.phnx1.az.home.com
__) | | \__________________________________________________________________
Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903