Port scanning

Well, if you're running a decent firewall, then you shouldn't even have these ports open on the internet? Who cares if they're scanning you? It's just a fact of life on the internet. Since we don't have CAPs on Sentech, it's of hardly any consequence.

<center><h5><font color="red">Oo. MyWireless <s>Hacks</s> Tweaks & Tech Info.oO </font id="red"></h5><h6>Have you checked the fawking FAQ?</h6></center>
 
I did a test the other day, with all this port scanning going around... I set up a Linux box, and put it on a 66.18.7x.x IP. 3 days later I had a login on the machine from one of InfoSat's guys. Checking the logs and stuff, there was no harm done to the machine.

strange[?]
 
Let me put it another way. If you have a port open on the internet, such as ssh, telnet, or the windows file sharing ports, it is essentially an INVITATION for people to connect to it. That is the whole point behind the internet and firewalls. Expose what you want, and close what you don't want. Don't be surprised if something still tries to connect to a non-open port.

This is the design of the internet. If someone connects to a closed port on your machine, your machine responds with "connection refused", a specific TCP packet to indicate that the port is closed, or not active.

This is the whole point behind having an IP address on the Internet. It doesn't matter where the scan, or connection attempt comes from. Sure, millions and millions of connection attempts per second will affect your service, but a few random portscans/connects here and there is not the end of the world.

 
Originally posted by Kaptain Khaos:
> the only safe connection is no connection :P

Which Sentech seems quite willing to deliver on a daily basis... Disconnect... reset modem ... start again .. .aRRGGHHH.. the agony ;-)

R

************************************************************
The views expressed on this site are my own and NOT those of my employer.
 
Originally posted by regardtv:
> I'd suggest you send a mail to [email protected]

What are they going to do about it?

Ok, maybe the ISP should not automatically disconnect the offender. Perhaps they should rather send him an automated email message that he may have a virus (They can do it because they have his login details). I'm still idealistic, I know...


<hr noshade size="1">
<center>http://rational.co.za/MyWireless/calculate.html</center>
 
> would (or should) be using a decent Anti-Virus package

What can I use as a decent A/V on a 2000 Server Box?
 
Originally posted by nicroets:
> What are they going to do about it?
>
> ......
>
> I'm still idealistic, I know...

Actually you are not idealistic... In a previous life I was directly involved in managing exactly those sorts of e-mails. Track and trace to a specific user - inform them of the problem and gently remind them that if it's not fixed - they are actually in violation of the AUP...

R

 
OK.

So now run a script somewhere in Sentech that goes something like this: (Assume 66.18.aa.bb [...] refers to IP addresses that will never be allocated).
# one mail per packet seen going to a never-allocated address
tcpdump -n host 66.18.aa.bb | sed ... | *some IP to username look up* | while read name
do mail [email protected] <please_check_for_virus.txt
done

To prevent flooding you perhaps need to
# capture for 60 seconds in the background, de-duplicate, then mail once each
(tcpdump ... | sed | sort | uniq) >infected.ip &
sleep 60
pkill tcpdump
wait
cat infected.ip | while read name; do mail ...; done

Was that so difficult?
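
The idea in the post above (watch never-allocated addresses, de-duplicate the sources, notify each user once) worked through on sample data. This is an added example, not code from the original post; the RFC 5737 addresses, the lease table, the hit threshold and the function names are all assumptions made for illustration.

```sh
# Added example; all addresses are constructed (RFC 5737 documentation ranges)
# and 192.0.2.0/24 stands in for the never-allocated "dark" block.
# dark_sources PREFIX MIN_HITS: reads `tcpdump -n` text on stdin, prints
# "source_ip hits" for each source with >= MIN_HITS packets sent to PREFIX.
dark_sources() {
    awk -v prefix="$1" -v min="$2" '
        # tcpdump prints addr.port for TCP/UDP and a bare addr for ICMP.
        function addr(s,   p, n) {
            sub(/:$/, "", s)
            n = split(s, p, ".")
            return (n >= 4) ? p[1] "." p[2] "." p[3] "." p[4] : ""
        }
        $2 == "IP" && $4 == ">" {
            src = addr($3); dst = addr($5)
            if (src != "" && index(dst, prefix) == 1) hits[src]++
        }
        END { for (s in hits) if (hits[s] >= min) print s, hits[s] }
    ' | LC_ALL=C sort
}

# lookup_user IP LEASE_FILE: hypothetical stand-in for the ISP's own lookup.
lookup_user() {
    awk -v ip="$1" '$1 == ip { print $2; found = 1; exit }
        END { if (!found) print "unknown" }' "$2"
}

# notices PREFIX MIN_HITS LEASE_FILE: one "user ip hits" line per source.
notices() {
    dark_sources "$1" "$2" | while read -r ip n; do
        echo "$(lookup_user "$ip" "$3") $ip $n"
    done
}

sample_leases() { printf '%s\n' '198.51.100.7 user_a' '198.51.100.23 user_b'; }
sample_capture() {  # constructed capture lines
    cat <<'EOF'
12:00:01.000001 IP 198.51.100.7.4021 > 192.0.2.10.445: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 198.51.100.7.4022 > 192.0.2.11.445: Flags [S], seq 2, win 64240, length 0
12:00:01.000003 IP 198.51.100.7.4023 > 192.0.2.12.445: Flags [S], seq 3, win 64240, length 0
12:00:02.000001 IP 198.51.100.23.51000 > 203.0.113.5.80: Flags [S], seq 4, win 64240, length 0
12:00:03.000001 IP 198.51.100.23 > 192.0.2.99: ICMP echo request, id 1, seq 1, length 64
12:00:04.000001 IP 198.51.100.40.1025 > 192.0.2.200.135: Flags [S], seq 5, win 64240, length 0
12:00:04.000002 IP 198.51.100.40.1026 > 192.0.2.201.135: Flags [S], seq 6, win 64240, length 0
12:00:05.000001 ARP, Request who-has 192.0.2.1 tell 198.51.100.1, length 28
EOF
}

leases=$(mktemp) && sample_leases > "$leases"
sample_capture | notices 192.0.2. 2 "$leases"; rm -f "$leases"
```

The threshold of 2 drops the single stray ICMP packet from 198.51.100.23, and a source with no lease entry is reported as unknown rather than skipped.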

