
Re: Off Topic - Portscans



> Just curious, how do you guys and girls handle portscans and (possible)
> intrusion-attempts? Do you report them to the ISP's abuse-address, or do
> you just ignore them relying on that Kevin Mitnick is forbidden to use
> computers?
>
> I'm getting a somewhat hopeless feeling when I report stuff to
> abuse-addresses, not knowing if it actually helps or if they care at all

Ok.. I must admit, I am a little bit late. But due to a holiday, a crashed HD
and a telephone line knackered by a flagpole dug in for Sail 2000, I was
unable to receive mail for about 3 weeks now. So this left 2012 mail in my
mailbox.

I asked a friend of mine about this who worked for an ISP (XS4ALL) here
in Holland. One of his jobs was to handle the abuse account (along
with colleagues). When he got an e-mail saying that he/she got
portscanned, an e-mail was automatically sent back (autoreply). But
they took no further action, unless the same IP kept coming up
repeatedly. Then they would send an e-mail asking if he or she could stop
what they were doing. That's it. A syn-flood would be a different story.
If someone knackers you, send an abuse mail to their ISP and your prayers
will be heard. (Your ISP isn't responsible for your security flaws, so if
you got r00t3d, don't blame your ISP. Blame the cr/hacker's ISP.)

What isn't a nice thing when you own a domain: putting this in your
/etc/mail/aliases
abuse:		/dev/null
You could miss some important information if you're dealing with users on
your system.

What you could do once you're portscanned: firewall them.
block in  quick on xl0 from ip/range to any
block out quick on xl0 from ip/range to any

On the other hand, what is a portscan?
Would you mind if a stranger would telnet to your ssh port and try one thing
and another? Would you mind if a stranger would telnet to a port that currently
doesn't run any services? Unless you admit your system is sh*t and
insecure.. you have nothing to fear.

I myself run a little domain on an obscure, well-known little network...
To be honest I don't care if they portscan me or not. It would be around 5
times a day I guess. And then??? The ISP doesn't do a thing.. and the
potential attacker only sees 3 maybe 4 ports open. Big deal.

(Ok. A portscan is a start for a break-in. Then again.. OpenBSD)

Greetings,
	Sacha Ligthert

PS : HypnoSkull - FFWD>>BURNOUT (Music related)

--
     A nice utility appeared in Version 6 AT&T UNIX.
			(man 1 nice (OpenBSD 2.7))
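
Added example, not part of the original post: a small Python script that picks out sources probing many distinct ports in a short window and prints an inbound block rule for each, in the form of the first firewall rule quoted in the message. The log format, the thresholds, the sample addresses and the function names are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, "epoch_seconds source_ip destination_port".
# This is a simplified format for the example, not real firewall log output.
SAMPLE_LOG = """\
965000000 192.0.2.10 21
965000001 192.0.2.10 22
965000001 192.0.2.10 23
965000002 192.0.2.10 25
965000002 192.0.2.10 80
965000100 198.51.100.7 22
965000160 198.51.100.7 22
not a log line
"""

def find_scanners(log_text, min_ports=5, window=60):
    """Sources that probed at least min_ports distinct ports within window seconds."""
    hits = defaultdict(list)  # source ip -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines instead of aborting the run
        try:
            ts, port = int(fields[0]), int(fields[2])
            src = str(ipaddress.ip_address(fields[1]))
        except ValueError:
            continue
        if 0 < port < 65536:
            hits[src].append((ts, port))
    scanners = []
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Move the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                scanners.append(src)
                break
    return sorted(scanners)

def ipf_block_rules(sources, iface="xl0"):
    """One inbound block rule per source, in the form of the post's first rule."""
    return [f"block in quick on {iface} from {src} to any" for src in sources]
```

Calling ipf_block_rules(find_scanners(SAMPLE_LOG)) gives the rule lines to review before adding them to the ruleset; the source that only retried port 22 is not flagged.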