Re: Somebody's scanning my ports or what?

To: George Bonser <grep@shorelink.com>
Cc: debian-user@lists.debian.org
Subject: Re: Somebody's scanning my ports or what?
From: "Benoit.Joly" <jolb01@gel.usherb.ca>
Date: Tue, 27 Apr 1999 23:44:01 -0400 (EDT)
Message-id: <[🔎] Pine.SOL.3.91.990427234120.13398C-100000@idas>
In-reply-to: <[🔎] Pine.LNX.3.96.990427202007.11435A-100000@calvin.captech.com>

hi, 

i wantt to thanks you for this bunch of usefull things :)

i just found a free tool to minimize attack on a linux box...
logchecker, portsentry which deny automaticly suspected host, hostsentry 
for watching login access...

http://www.psionic.com/abacus/

seems to be nice.

Benoit Joly

On Tue, 27 Apr 1999, George Bonser wrote:

> On Tue, 27 Apr 1999, Benoit.Joly wrote:
> 
> > im getting this kind of things about 2 or 3 times a week...
> > with some netbus and bo try.
> > 
> > i sent lot of emails to their isp but still receive 2 or 3 attack per 
> > week from other ips...
> > 
> > what should i do?, is there a way to protect me against this? currently i 
> > have fakebo.
> > 
> > Benoit Joly
> > 
> 
> You can not prevent your system from being scanned, all you can do is
> control what is learned from the scan. It is not a crime, as far as I
> know, to simply attempt connections to a machine on the public internet.
> 
> First thing I would do is only have ONE machine exposed directly to the
> internet. Use this machine as a firewall/gateway for all the other
> machines. Turn off all services on this machine that you are not using.
> Carefuly plan and put into place a set of packet forwarding / masquerading
> rules for traffic between your internal protected network and the public
> internet. For services that you wish to provide to outside hosts, make a
> separate network different from the internal network. This is commonly
> called a "DMZ" in network documents.
> 
> So your internet firewall / gateway will probably have THREE interfaces if
> you wish to provide public access to some services:
> 
>     1. The interface to the external internet.
>     2. The interface to the private local network.
>     3. The interface to the internal network with public services (www,
> ftp, mail, news, etc.)
> 
> The whole world can access certain ports in your public access net ( 80,
> 21, 23, 25, 119, etc) Nobody in the outside world has direct access to
> your internal net. Nobody on the public access net has access to your
> internal net and your internal net has access to everything.
> 
> 
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> 
>

Reply to:

References:
- Re: Somebody's scanning my ports or what?
  - From: George Bonser <grep@shorelink.com>

Prev by Date: Re: Testing sub directories using perl AGAIN
Next by Date: Re: Testing sub directories using perl AGAIN
Previous by thread: Re: Somebody's scanning my ports or what?
Next by thread: Re: Somebody's scanning my ports or what?
Index(es):
- Date
- Thread