Date: Mon, 3 Apr 2000 16:21:32 +0100 From: Ben Smithurst <ben@scientia.demon.co.uk> To: Stan Brown <stanb@netcom.com> Cc: FreeBSD Networking <freebsd-net@FreeBSD.ORG> Subject: Re: Help, I am being scanned! Message-ID: <20000403162132.C85754@strontium.scientia.demon.co.uk> In-Reply-To: <200004031405.HAA05798@netcom.com> References: <200004031405.HAA05798@netcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Stan Brown wrote: > My ISP seems to be saning my system. Look here: > > > Apr 2 04:44:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:50869 24.6.61.166:119 in via ed1 > Apr 2 04:44:52 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:51466 24.6.61.166:119 in via ed1 > Apr 2 09:15:50 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:65458 24.6.61.166:119 in via ed1 > Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33055 24.6.61.166:119 in via ed1 > Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33274 24.6.61.166:119 in via ed1 > Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33483 24.6.61.166:119 in via ed1 > Apr 2 13:49:32 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55198 24.6.61.166:119 in via ed1 > Apr 2 13:49:33 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55510 24.6.61.166:119 in via ed1 > Apr 2 18:25:40 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:36998 24.6.61.166:119 in via ed1 > Apr 2 18:25:41 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:37329 24.6.61.166:119 in via ed1 > Apr 2 23:13:35 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:44432 24.6.61.166:119 in via ed1 > Apr 2 23:13:36 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:45021 24.6.61.166:119 in via ed1 > Apr 3 03:47:29 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:53917 24.6.61.166:119 in via ed1 > > That Ip translates to authorized-scan.security.home.ne. I don't > recognize these ports, what are they? How can I protect myself against > their ssaning? Why should you want to protect yourself? Your ISP is scanning it's customers to make sure their systems aren't misconfigured. Given that you're denying the packets anyway, I don't know what else you think you can do. As the the ports, try looking them up in /etc/services (actually there's only one destination port here, 119, and that's nntp, and the source ports are meaningless). -- Ben Smithurst / ben@scientia.demon.co.uk / PGP: 0x99392F7D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000403162132.C85754>