From owner-freebsd-net Mon Apr 3 18:52:45 2000 Delivered-To: freebsd-net@freebsd.org Received: from wat-border.sentex.ca (waterloo-hespler.sentex.ca [199.212.135.66]) by hub.freebsd.org (Postfix) with ESMTP id 9D68F37B6BC for ; Mon, 3 Apr 2000 18:52:42 -0700 (PDT) (envelope-from mike@sentex.net) Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by wat-border.sentex.ca (8.9.3/8.9.3) with ESMTP id VAA33800; Mon, 3 Apr 2000 21:52:41 -0400 (EDT) (envelope-from mike@sentex.net) Received: from chimp.simianscience.com (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id VAA14947; Mon, 3 Apr 2000 21:52:40 -0400 (EDT) From: mike@sentex.net (Mike Tancsa) To: stanb@netcom.com (Stan Brown) Cc: freebsd-net@FreeBSD.ORG Subject: Re: Help, I am being scanned! Date: Tue, 04 Apr 2000 01:50:06 GMT Message-ID: <38e949fe.348672764@mail.sentex.net> References: In-Reply-To: X-Mailer: Forte Agent .99e/32.227 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 3 Apr 2000 10:06:08 -0400, in sentex.lists.freebsd.net you wrote: > My ISP seems to be saning my system. Look here: > > >Apr 2 04:44:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:50869 24.6.61.166:119 in via ed1 > That Ip translates to authorized-scan.security.home.ne. I don't > recognize these ports, what are they? How can I protect myself against > their ssaning? Port 119 is the nntp or news port... grep 119 /etc/services nntp 119/tcp usenet #Network News Transfer Protocol nntp 119/udp usenet #Network News Transfer Protocol man ipfw e.g. ipfw add 5000 deny log ip from 24.0.94.130 to any ---Mike Mike Tancsa (mdtancsa@sentex.net) Sentex Communications Corp, Waterloo, Ontario, Canada "Given enough time, 100 monkeys on 100 routers could setup a national IP network." (KDW2) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message