@home security scans

Digital Wokan wokan@home.com
Thu, 09 Mar 2000 23:15:15 -0700


Actually, they may wise up and start running those scans from a
nameserver.  (It's what I would do.)  Then you would have to allow DNS
through while blocking all other ports from that IP, instead of blanket
denying the IP.

"Shawn T. Rutledge" wrote:
> 
> On Thu, Mar 09, 2000 at 07:03:30PM -0800, Todd Jamison wrote:
> > I installed psionic portsentry tonight and I noticed
> > that authorized-scan.security.home.net/24.0.94.130
> > tried to connect to tcp 119 on my pc.  Is this a
> > random scan or is it something I should be worried
> > about???  What happens if they find out that I am
> > running Linux???
> 
> They won't care about that but if you're running any kind of "server" software
> (apache, sendmail, ftpd, telnetd etc) I recommend
> 
> ipfwadm -I -a deny -S 24.0.0.0/8
> 
>  - a good security precaution as well as preventing them from finding out
> what ports you have open.  And you will also have to make exceptions for
> the DNS servers, web server, news server and any other @home machines you
> need to access.  For example,
> 
> ipfwadm -I -a accept -S 24.1.240.33/32
> ipfwadm -I -a accept -S 24.1.240.34/32
> ipfwadm -I -a accept -S 24.1.240.71/32
> 
> Put those rules in before the "deny" rule because the first matching rule
> will set the policy.  And of course the syntax is different for ipchains
> (for kernels in the 2.2 series).
> 
> Lessee... port 119 is nntp so evidently they were looking for rogue news
> servers.
> 
> --
>   _______                                     http://www.bigfoot.com/~ecloud
>  (_  | |_)  ecloud@bigfoot.com   finger rutledge@cx47646-a.phnx1.az.home.com
>  __) | | \__________________________________________________________________
>  Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903
> 
> _______________________________________________
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

-- 
Digital Wokan
Tribal mage of the electronics age
Guerilla Linux Warrior
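
The rule-ordering point in the quoted reply and the DNS-only exception suggested at the top of this message, modelled as a first-match filter. This is an added example, not code from either poster. It assumes a default policy of accept, that 24.1.240.33 is the nameserver in question, and that 40000 is a stand-in for an ephemeral source port.

```python
import ipaddress

# Rule = (action, source CIDR, protocol, source port); None means "any",
# as when ipfwadm is given no -P protocol or port after -S.
PAGE_ORDER = [
    ("accept", "24.1.240.33/32", None, None),
    ("accept", "24.1.240.34/32", None, None),
    ("accept", "24.1.240.71/32", None, None),
    ("deny", "24.0.0.0/8", None, None),
]
# Same rules with the blanket deny first: the exceptions become unreachable.
WRONG_ORDER = [PAGE_ORDER[-1]] + PAGE_ORDER[:-1]
# Assumption: 24.1.240.33 is a nameserver that also runs scans, so only
# DNS replies (source port 53) are accepted from it.
DNS_ONLY = [
    ("accept", "24.1.240.33/32", "udp", 53),
    ("accept", "24.1.240.33/32", "tcp", 53),
    ("deny", "24.0.0.0/8", None, None),
]

def first_match(rules, src, proto, sport, default="accept"):
    """Return the action of the first rule matching the inbound packet."""
    addr = ipaddress.ip_address(src)
    for action, cidr, r_proto, r_port in rules:
        if addr not in ipaddress.ip_network(cidr):
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != sport:
            continue
        return action
    return default  # assumed chain policy when nothing matches

if __name__ == "__main__":
    # Constructed packets: (source IP, protocol, source port)
    packets = [
        ("24.0.94.130", "tcp", 40000),
        ("24.1.240.33", "udp", 53),
        ("24.1.240.33", "tcp", 40000),
    ]
    sets = [("page order", PAGE_ORDER), ("deny first", WRONG_ORDER),
            ("DNS only", DNS_ONLY)]
    for name, rules in sets:
        for pkt in packets:
            print(f"{name:10} {pkt} -> {first_match(rules, *pkt)}")
```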