Date: Fri, 13 Feb 2004 01:01:44 +0900 From: Luke Kearney <lukek@meibin.net> To: Dragoncrest <dragoncrest@voyager.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Problem with someone port scanning me Message-ID: <20040213005928.45CE.LUKEK@meibin.net> In-Reply-To: <5.2.0.9.2.20040212110826.00a9b620@pop.voyager.net> References: <5.2.0.9.2.20040212110826.00a9b620@pop.voyager.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Feb 2004 11:12:53 -0500 Dragoncrest <dragoncrest@voyager.net> granted us these pearls of wisdom: > For the past couple of days I've had someone on our lan port scanning my > box. Not sure what's up with that, but I'm curious if there's a way to log > what IP address this is coming from. I don't have IPFW enabled yet as I > haven't had the time to configure it at this point as it's currently behind > the company firewall on our T3. Is there a way to log where it's coming > from? Or is that already being logged somewhere? I wonder if you might get some benefit from a couple of simple IPF rules and a quick portsentry install. /etc/ipf.rules pass in log on interface0 from any to any pass out log on interface0 from IP to any with the appropriate startup would give you a good idea of the IP address the scan is comming from. Whether your DHCP server admin will tell you who that address is is a different matter. HTH LK
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040213005928.45CE.LUKEK>