[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kinda OT: Dealing with cracker attempts...

On Sun, 04 Jul 1999, Michael Alan Dorman wrote:
>So I was sitting here working on getting libnet-perl working with the
>new perl packages, and installing midentd on my firewall host so that
>I could get into some ftp sites, when what did I notice but ippl
>logging that someone was portscanning me.
>How do other people handle this?  I mean, this host has basically all
>services but smtp and identd turned off, so I'm not _terrifically_
>worried about someone getting in.  It does annoy me, though, and I'm
>wondering if people have any real-world suggestions as to ways to
>provide negative reinforcement to the cracker.

In such situations I generally do reverse DNS lookups, portscan them back,
finger them etc.
I don't regard it as a bad thing.  I portscan my friends machines to see what
types of server programs they are playing with.  I sometimes portscan web
robots that go through my web pages.
One time (years ago before I disabled rsh and friends) I noticed someone trying
to rexec various programs on my system.  So I tried to rexec
/why/are/you/trying/to/rexec/on/my/system.  ;)  A few weeks later he read his
log files and send me an email explaining that a default icon in his X setup
did an rexec on a host named "snoopy", I ran machine snoopy in the same domain
as him.

If you're worried about portscanning then pick some uncommon port and run a
service on it which automatically launches a portscan on the machine which
connects to it.  Make sure you have this set to scan a site no more than once
per day (otherwise if someone else has the same setup you'll end up scanning
each other until one of you runs out of bandwidth).

I am in London and would like to meet any Linux users here.
I plan to work in London until April and then move to another
place where the pay is good.

Reply to: