[CLUE-Tech] for those of you on AT&T@home
Dan Harris
coronadh at coronasolutions.com
Fri May 11 08:53:49 MDT 2001
Using the -audp and -atcp flags, my portsentry has captured more than one
@home scanner and blocked them. I don't know if portsentry requires a
rapid succession of ports; there are other ways of checking to see if it's
a port scan (i.e. spoofed host address, stealth scan, smurfs, xmastree).
Sure, you can always just deny 24.*.*.*, I'm just showing another way to do
it :)
-Dan Harris
>> From: Dan Harris [coronadh at coronasolutions.com]
>> Subject: RE: [CLUE-Tech] for those of you on AT&T at home
>>
>> Or, another solution is to use PortSentry
>> (http://www.psionic.com/abacus/portsentry/). It will automatically reject
>> any packets from a host that is detected scanning your ports. I use it on
>> all my servers and I'd recommend it to *anyone* who is serious about
>> security. All of the @home scan servers are blocked on my home computer
>> now :)
>
> Never a bad idea, but in this case, unless you configure PortSentry to
> be VERY paranoid, it won't detect this - the @Home scans I've seen
> aren't to several ports in rapid succession, so unless they've changed
> that I don't think PortSentry will see @Home's stuff as a scan.
>
> I'd still recommend just blocking out all of 24.x.x.x from any @Home
> Linux machine - you can open up specific IPs in that range if you need
> to, still. There are also quite a few more of the hacker types on
> @Home than there are on dialup, as this discussion shows, too, so
> you'll block them out.
>
> Tim