@home security scans

Digital Wokan wokan@home.com
Fri, 10 Mar 2000 23:45:59 -0700


Portscans are definitely less of a privacy issue than the idea that they
are doing packet sniffing.

"Shawn T. Rutledge" wrote:
> 
> On Fri, Mar 10, 2000 at 09:43:40AM -0700, sinck@corp.quepasa.com wrote:
> > And, in the FWIW department, I think 24.0.0.0/8 will block more than
> > @home, which the last report on PLUG I saw was only 24.1.x.x -
> > 24.14.x.x .
> 
> Yeah it also blocks speedchoice, maybe others.  But the trouble is I've
> never seen a definitive answer on what their subnet really is.  This guy
> got scanned from a 24.0 address so evidently it goes beyond 24.1 - 24.14.
> >
> > \_ Actually, they may wise up and start running those scans from a
> > \_ nameserver.  (It's what I would do.)  Then you would have to allow DNS
> > \_ through while blocking all other ports from that IP, instead of blanket
> > \_ denying the IP.
> >
> > What I'm more concerned with is if they don't scan from 24.x.....
> 
> Yep.  I would hope they don't get that paranoid.  Anyway there's still
> nothing I could do AFAIK to prevent a passive detection method (if they
> simply snoop all the packets and look for tcp packets going through to
> port 80 and getting a reply).  But when I was on the unix@home mailing
> list (now defunct AFAICT) there were a lot of people reporting that they
> got portscanned.  So I think that is their usual detection method.
> 
> --
>   _______                                     http://www.bigfoot.com/~ecloud
>  (_  | |_)  ecloud@bigfoot.com   finger rutledge@cx47646-a.phnx1.az.home.com
>  __) | | \__________________________________________________________________
>  Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903
> 
> _______________________________________________
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

-- 
Digital Wokan
Tribal mage of the electronics age
Guerilla Linux Warrior
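
The address arithmetic and the DNS exception discussed in the quoted thread, as an added example that is not part of the original messages. The nameserver and scanner addresses are constructed placeholders, and the first-match-wins rule model is a hypothetical stand-in for a packet filter, not any particular firewall's syntax.

```python
import ipaddress

# Ranges mentioned in the thread.
SLASH8 = ipaddress.ip_network("24.0.0.0/8")
REPORTED = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("24.1.0.0"), ipaddress.ip_address("24.14.255.255")))

# Constructed placeholders, not real @home hosts.
NAMESERVER = "24.0.0.53"
SCANNER = "24.0.94.130"

def in_reported(addr):
    """True if addr falls inside 24.1.x.x - 24.14.x.x."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in REPORTED)

# Hypothetical inbound rules: (action, source net, protocol, source port).
# None is a wildcard. First match wins, so the DNS exception has to come
# before the blanket deny or it never takes effect.
RULES = [
    ("ACCEPT", ipaddress.ip_network(NAMESERVER + "/32"), "udp", 53),
    ("DROP", SLASH8, None, None),
]

def decide(src, proto, sport, rules=RULES, default="ACCEPT"):
    """Return the action of the first rule matching the packet."""
    ip = ipaddress.ip_address(src)
    for action, net, r_proto, r_sport in rules:
        if ip in net and r_proto in (None, proto) and r_sport in (None, sport):
            return action
    return default

if __name__ == "__main__":
    print("CIDR blocks for 24.1 - 24.14:", [str(n) for n in REPORTED])
    covered = sum(n.num_addresses for n in REPORTED)
    print("addresses blocked by /8 but outside that range:",
          SLASH8.num_addresses - covered)
    print("scanner in reported range?", in_reported(SCANNER))
    print("DNS reply from nameserver:", decide(NAMESERVER, "udp", 53))
    print("TCP from nameserver:", decide(NAMESERVER, "tcp", 40000))
    print("TCP from scanner:", decide(SCANNER, "tcp", 40000))
```

Matching on source port alone is stateless; a stateful filter that admits only replies to your own DNS queries is tighter.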