From owner-freebsd-security  Wed Mar  1  8:33:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
	by hub.freebsd.org (Postfix) with ESMTP id 10DED37C2FB
	for <freebsd-security@freebsd.org>; Wed,  1 Mar 2000 08:33:24 -0800 (PST)
	(envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
	by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id LAA37687
	for freebsd-security@freebsd.org; Wed, 1 Mar 2000 11:38:47 -0500 (EST)
	(envelope-from cjc)
Date: Wed, 1 Mar 2000 11:38:47 -0500
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: freebsd-security@freebsd.org
Subject: @Home Server Scanner?
Message-ID: <20000301113847.B37590@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I appear to be scanned regularly by an @Home host,

Name:    ops-scan.home.net
Address:  24.0.94.130

It has been scanning my NNTP (119) port several times a day since the
beginning of February. Previous to that, it liked to check my HTTP
port (80) several times a day. That behavior dates to when I started
logging on the firewall in January.

Anyone know anything about that host? Any other @Home users seeing
this too? My assumption is that it is @Home scanning for "illegal"
servers on their network.

This machine has earned a,

  deny log ip from 24.0.94.130 to any

In my firewall for now.
-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message