Re: Cracking attempt

On Mon, 24 Feb 2003 10:59, Tim Spriggs wrote:
> > That's the only thing to do, if someone is excessively scanning you then
> > you block their IP addresses for a while.  Of course you can't be too
> > trigger happy with this or you'll end up with half the Internet in your
> > firewall rule set...
> In the defense of the ballistic person that is complaining about the
> portscan, one of our servers is running a backup server that dies with no
> error/warning when the server is portscanned. Unfortunately, our servers
> can not be put behind a firewall as funding is at an all time low.


Firstly having a backup server on a public IP address is just asking for 

What OS are you using?  Presumably if it was Linux you would have solved the 
problem with iptables or ipchains long ago...

BTW  As a rule of thumb, if you can crash it then you can probably exploit it, 
I hope that server isn't running as root.

> This is a very inconvenient feature and the company that provides the
> backup server will do nothing about it so we have to manually restart the
> daemon from time to time because we were (innocently) portscanned.

That sucks.  Napster clients used to do the same, but you couldn't complain 
too much about free software that is used for unauthorised audio copying.  ;)

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
