From owner-freebsd-security Sat Apr 24 18:18:50 1999
Message-ID: <005001be8eb9$7f300520$fb97fea9@hing>
From: "danny"
References: <007c01be8e71$a76c64e0$f439fea9@hing> <372214FD.A0035005@prime.net.ua>
Subject: Re: network scan
Date: Sun, 25 Apr 1999 09:18:15 +0800
Sender: owner-freebsd-security@FreeBSD.ORG

"Generally U may to tcpdump xl0 for pattern" <- how can I do it?

Also, I found that 203.93.49.252 also scanned my friend's network. How can I
contact the corresponding responsible person to realize what happened?

Danny

----- Original Message -----
From: Андрей В. Олейник (Andy V. Oleynik)
Sent: Sunday, April 25, 1999 3:01 AM
Subject: Re: network scan

> IPFW does it for U.
> Only thing U may take care about is
> ftpd which accepts connections from Internet.
> But if U've this service public U have only
> to advance its security.
> Generally U may to tcpdump xl0 for pattern
> src host 203.93.49.252 to be sure that this
> is not spoofed and contact corresponding
> responsible person to realize what happened.
> BTW, lately in the internet too much lamers
> appeared that used SATAN :)
> danny wrote:
>
> > From the system log, I found that someone tried to scan my server. How can I
> > stop him from doing it again?
> > Danny
> >
> > Apr 24 19:33:30 server /kernel: ipfw: 14100 Deny TCP 203.93.49.252:2348 w.x.y.z:80 in via xl0
> > Apr 24 19:34:19 server /kernel: ipfw: 16000 Accept TCP 203.93.49.252:2421 w.x.y.z:21 in via xl0
> > Apr 24 19:34:26 server ftpd[36695]: refused connect from 203.93.49.252
> > Apr 24 19:34:32 server /kernel: ipfw: 26000 Deny UDP 203.93.49.252:1025 w.x.y.z:161 in via xl0
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> --
> Andy V. Oleynik
> (When U aim for perfection,
> U discover it's a moving target Ж80)
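
The ipfw log lines quoted in this thread, run through a small parser that groups inbound hits by source address and shows which services each source touched and which of those the packet filter accepted. This is an added example, not part of the original messages; the function name `summarize` and the `min_services=3` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# ipfw kernel log format as it appears in the thread:
#   <date> <host> /kernel: ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> in via <if>
# Entries without ports (e.g. ICMP) do not match this pattern and are skipped.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[^\s:]+):(?P<sport>\d+) (?P<dst>[^\s:]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# The log lines quoted in the thread (destination masked as w.x.y.z by the poster).
SAMPLE_LOG = """\
Apr 24 19:33:30 server /kernel: ipfw: 14100 Deny TCP 203.93.49.252:2348 w.x.y.z:80 in via xl0
Apr 24 19:34:19 server /kernel: ipfw: 16000 Accept TCP 203.93.49.252:2421 w.x.y.z:21 in via xl0
Apr 24 19:34:26 server ftpd[36695]: refused connect from 203.93.49.252
Apr 24 19:34:32 server /kernel: ipfw: 26000 Deny UDP 203.93.49.252:1025 w.x.y.z:161 in via xl0
"""

def summarize(log_text, min_services=3):
    """Group inbound ipfw hits by source address.

    Returns only sources that touched at least `min_services` distinct
    (protocol, destination port) pairs (assumed threshold for a probe sweep).
    """
    seen = defaultdict(lambda: {"services": set(), "accepted": set()})
    for line in log_text.splitlines():
        m = IPFW_RE.search(line)
        if not m or m["dir"] != "in":
            continue  # non-ipfw lines (the ftpd refusal) and outbound traffic
        service = (m["proto"], int(m["dport"]))
        entry = seen[m["src"]]
        entry["services"].add(service)
        if m["action"] == "Accept":
            entry["accepted"].add(service)  # passed the filter: rely on the daemon's own ACL
    return {
        src: {"services": sorted(e["services"]), "accepted": sorted(e["accepted"])}
        for src, e in seen.items()
        if len(e["services"]) >= min_services
    }

if __name__ == "__main__":
    # Live confirmation as suggested in the quoted reply (needs root on the host):
    #   tcpdump -n -i xl0 src host 203.93.49.252
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, "touched", info["services"], "accepted by ipfw:", info["accepted"])
```

On the quoted lines this reports one source that reached TCP/80, TCP/21 and UDP/161, with only TCP/21 accepted by ipfw, which matches the reply's point that ftpd is the one service left to harden.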