From owner-freebsd-security  Tue Jul 14 20:56:21 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA08265
          for freebsd-security-outgoing; Tue, 14 Jul 1998 20:56:21 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.aussie.org (hallam.lnk.telstra.net [139.130.54.166])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA08257
          for <freebsd-security@FreeBSD.ORG>; Tue, 14 Jul 1998 20:56:17 -0700 (PDT)
          (envelope-from maillist@oaks.com.au)
Received: from bigbox (frankenputer.aussie.org [203.29.75.73])
	by mail.aussie.org (8.9.0/8.9.0) with SMTP id NAA26061;
	Wed, 15 Jul 1998 13:54:59 +1000 (EST)
Message-Id: <199807150354.NAA26061@mail.aussie.org>
From: "Hallam Oaks P/L list account" <maillist@oaks.com.au>
To: " >,
        "Richard.Stanaford" <richard@erinet.com>"
Date: Wed, 15 Jul 1998 13:54:56 +1000
Reply-To: "Hallam Oaks P/L list account" <maillist@oaks.com.au>
X-Mailer: PMMail 98 Standard (2.01.1600) For Windows NT (4.0.1381;3)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Large-scale scan of SNMP ports
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Hi.. I am just curious... how did you know your IP's were scanned?  I am
>building a production FreeBSD box, intending it to be an IRC server, and 

By default, I deny everything via IPFW. The only stuff I allow is the few 
services I want to expose. The rules that get the most hits (such as accesses 
to the NetBIOS ports) I deny without logging. All other disallowed accesses 
are denied with logging.

So, since the console sits next to me, when I get accesses of this sort, the 
screensaver clicks off and the report comes up on the console (meaning I 
notice it straight away if I happen to be at my desk), plus of course it goes 
to the syslog.

If you're planning any sort of public server I really recommend you spend 
time working on your rc.firewall. It can be time consuming to set up nicely 
(particularly if you're using the same machine as a gateway for an internal 
LAN, as I am) but it's well worth the time spent.

-- Chris
   Hallams Oaks P/L



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message