From owner-freebsd-net Mon Apr 3 7: 5:56 2000 Delivered-To: freebsd-net@freebsd.org Received: from netcom.com (netcom2.netcom.com [199.183.9.102]) by hub.freebsd.org (Postfix) with ESMTP id D891437B59E for ; Mon, 3 Apr 2000 07:05:48 -0700 (PDT) (envelope-from stanb@netcom.com) Received: (from stanb@localhost) by netcom.com (8.9.3/8.9.3) id HAA05798 for freebsd-net@FreeBSD.ORG; Mon, 3 Apr 2000 07:05:12 -0700 (PDT) From: Stan Brown Message-Id: <200004031405.HAA05798@netcom.com> Subject: Help, I am being scanned! To: freebsd-net@FreeBSD.ORG (FreeBSD Networking) Date: Mon, 3 Apr 2000 10:05:12 -0400 (EDT) X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org My ISP seems to be saning my system. Look here: Apr 2 04:44:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:50869 24.6.61.166:119 in via ed1 Apr 2 04:44:52 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:51466 24.6.61.166:119 in via ed1 Apr 2 09:15:50 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:65458 24.6.61.166:119 in via ed1 Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33055 24.6.61.166:119 in via ed1 Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33274 24.6.61.166:119 in via ed1 Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33483 24.6.61.166:119 in via ed1 Apr 2 13:49:32 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55198 24.6.61.166:119 in via ed1 Apr 2 13:49:33 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55510 24.6.61.166:119 in via ed1 Apr 2 18:25:40 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:36998 24.6.61.166:119 in via ed1 Apr 2 18:25:41 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:37329 24.6.61.166:119 in via ed1 Apr 2 23:13:35 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:44432 24.6.61.166:119 in via ed1 Apr 2 23:13:36 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:45021 24.6.61.166:119 in via ed1 Apr 3 03:47:29 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:53917 24.6.61.166:119 in via ed1 That Ip translates to authorized-scan.security.home.ne. I don't recognize these ports, what are they? How can I protect myself against their ssaning? Thanks. -- Stan Brown stanb@netcom.com 404-996-6955 Factory Automation Systems Atlanta Ga. -- Look, look, see Windows 95. Buy, lemmings, buy! Pay no attention to that cliff ahead... Henry Spencer (c) 1998 Stan Brown. Redistribution via the Microsoft Network is prohibited. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message