Date: Wed, 1 Mar 2000 11:17:05 -0800 (PST)
From: Kris Kennaway
To: cjclark@home.com
Cc: freebsd-security@freebsd.org
Subject: Re: @Home Server Scanner?
In-Reply-To: <20000301113847.B37590@cc942873-a.ewndsr1.nj.home.com>

On Wed, 1 Mar 2000, Crist J. Clark wrote:

> Anyone know anything about that host? Any other @Home users seeing
> this too? My assumption is that it is @Home scanning for "illegal"
> servers on their network.
>
> This machine has earned a,
>
> deny log ip from 24.0.94.130 to any
>
> In my firewall for now.

Personally I'd never run my machine without a default-to-deny firewall policy with explicit gaps for the traffic I need. With ipfw being stateful these days you can quite easily make it so NO unwanted packets get through from the outside.

Running something like snort from ports is also very handy for knowing when someone from the outside world decides to pay you some attention.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
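A default-to-deny, stateful ipfw ruleset of the kind described in the reply above, as an added example that is not part of the original message or thread. The rule numbers, the `emit_rules` helper and the choice of inbound ports are assumptions, and it assumes a current ipfw that supports `me`, `check-state` and `keep-state`.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a single-homed FreeBSD
# host whose only inbound services are the TCP ports passed in.
#
# emit_rules "<inbound TCP ports>" "<blocked source addresses>"
# prints ipfw rule bodies, one per line, in evaluation order.
emit_rules() {
    ports="$1"; blocked="$2"

    # Validate everything first so a bad argument never yields a partial ruleset.
    for port in $ports; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done

    # Loopback is trusted; loopback addresses arriving on the wire are spoofed.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 deny ip from any to 127.0.0.0/8"
    echo "add 300 deny ip from 127.0.0.0/8 to any"

    # Explicit blocks sit before check-state so no dynamic rule can bypass them.
    n=500
    for host in $blocked; do
        echo "add $n deny log ip from $host to any"; n=$((n + 10))
    done

    # Packets of a flow that was already allowed match their dynamic rule here.
    echo "add 1000 check-state"

    # Outbound: whatever this host initiates creates state for the replies.
    echo "add 1100 allow tcp from me to any setup keep-state"
    echo "add 1200 allow udp from me to any keep-state"

    # Inbound: the explicit gaps, new TCP connections only.
    n=2000
    for port in $ports; do
        echo "add $n allow tcp from any to me $port setup keep-state"; n=$((n + 10))
    done

    # Default to deny: anything not matched above is dropped and logged.
    echo "add 65000 deny log ip from any to any"
}

# Loading on a real host (as root), one ipfw call per rule:
#   emit_rules "22" "24.0.94.130" | while read -r r; do /sbin/ipfw -q $r; done
```

ICMP is deliberately left out of this ruleset; add the specific types you need above the final deny rule.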