Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 24 Apr 1999 22:01:18 +0300
From:      =?koi8-r?Q?=E1=CE=C4=D2=C5=CA=20=F7=2E=20=EF=CC=C5=CA=CE=C9=CB?= (Andy   V. Oleynik) <andyo@prime.net.ua>
To:        security@FreeBSD.ORG
Subject:   Re: network scan
Message-ID:  <372214FD.A0035005@prime.net.ua>
References:  <007c01be8e71$a76c64e0$f439fea9@hing>

next in thread | previous in thread | raw e-mail | index | archive | help
IPFW does it for U.
Only thing U may take care about is
ftpd which accepts connections from Internet.
But if U've this service public U have only
to advance its security.
Generally U may to tcpdump xl0 for pattern
src host 203.93.49.252 to be sure that this
is not spoofed and contact corresponding
responsible person to realize what happened.
BTW, lately in the internet too much lammers
appeared that used SATAN :)
danny wrote:

> >From the system log, I found that someone try to scan my server. How can I
> stop him from do it again?
> Danny
>
> Apr 24 19:33:30 server /kernel: ipfw: 14100 Deny TCP 203.93.49.252:2348
> w.x.y.z:80 in via xl0
> Apr 24 19:34:19 server /kernel: ipfw: 16000 Accept TCP 203.93.49.252:2421
> w.x.y.z:21 in via xl0
> Apr 24 19:34:26 server ftpd[36695]: refused connect from 203.93.49.252
> Apr 24 19:34:32 server /kernel: ipfw: 26000 Deny UDP 203.93.49.252:1025
> w.x.y.z:161 in via xl0
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Andy V. Oleynik
(When U aim for perfection,
 U discover it's a moving target ö80)





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?372214FD.A0035005>