From owner-freebsd-security Sat Apr 24 15:12:37 1999 Delivered-To: freebsd-security@freebsd.org Received: from well.apcs.com.au (well.apcs.com.au [203.41.122.5]) by hub.freebsd.org (Postfix) with ESMTP id F3B7215088 for ; Sat, 24 Apr 1999 15:12:30 -0700 (PDT) (envelope-from keith@well.apcs.com.au) Received: (from keith@localhost) by well.apcs.com.au (8.9.3/8.9.2) id IAA23647; Sun, 25 Apr 1999 08:06:15 +1000 (EST) (envelope-from keith) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <372214FD.A0035005@prime.net.ua> Date: Sun, 25 Apr 1999 08:06:15 +1000 (EST) Reply-To: keith@apcs.com.au Organization: Australia Power Control Systems Pty Limited From: Keith To: (Andy V. Oleynik) Subject: Re: network scan Cc: security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi Andy Please tell me more ? "Generally U may to tcpdump xl0 for pattern" What is this Keith On 24-Apr-99 Andy V. Oleynik wrote: > IPFW does it for U. > Only thing U may take care about is > ftpd which accepts connections from Internet. > But if U've this service public U have only > to advance its security. > Generally U may to tcpdump xl0 for pattern > src host 203.93.49.252 to be sure that this > is not spoofed and contact corresponding > responsible person to realize what happened. > BTW, lately in the internet too much lammers > appeared that used SATAN :) > danny wrote: > >> >From the system log, I found that someone try to scan my server. How can I >> stop him from do it again? >> Danny >> >> Apr 24 19:33:30 server /kernel: ipfw: 14100 Deny TCP 203.93.49.252:2348 >> w.x.y.z:80 in via xl0 >> Apr 24 19:34:19 server /kernel: ipfw: 16000 Accept TCP 203.93.49.252:2421 >> w.x.y.z:21 in via xl0 >> Apr 24 19:34:26 server ftpd[36695]: refused connect from 203.93.49.252 >> Apr 24 19:34:32 server /kernel: ipfw: 26000 Deny UDP 203.93.49.252:1025 >> w.x.y.z:161 in via xl0 >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message > > -- > Andy V. Oleynik > (When U aim for perfection, > U discover it's a moving target ö80) > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message "The box said 'Requires Windows 95, NT, or better,' so I installed FreeBSD." ** The thing I like most about Windows 98 is... ** You can download FreeBSD with it! ---------------------------------- E-Mail: Keith Australia Power Control Systems Pty. Limited. Date: 25-Apr-99 Time: 08:04:58 Satelite Service 64K to 2Meg This message was sent by XFMail ---------------------------------- What's the similarity between an air conditioner and a computer? They both stop working when you open windows. ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message