Date: Sat, 18 Jul 1998 02:43:19 +1200 (NZST)
From: Andrew McNaughton <andrew@squiz.co.nz>
To: Hallam Oaks P/L list account <maillist@oaks.com.au>
Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: Large-scale scan of SNMP ports
Message-ID: <Pine.BSF.3.96.980718020556.4807A-100000@aniwa.sky>
In-Reply-To: <199807171255.WAA29844@mail.aussie.org>

On Fri, 17 Jul 1998, Hallam Oaks P/L list account wrote:

> Date: Fri, 17 Jul 1998 22:56:30 +1000
> From: Hallam Oaks P/L list account <maillist@oaks.com.au>
> To: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
> Subject: Re: Large-scale scan of SNMP ports
>
> Two persons privately expressed interest in a copy of the rc.firewall script
> that I used (which picked up the scan). It's not anything overly great, but
> it's well-commented and works for me.
>
> If there's any general interest from other users I'll post it to this list
> (assuming that's the 'done thing').
>
> -- Chris
> Hallam Oaks P/L

I've been building up my own ruleset. So far I'm not blocking much of anything, just categorising traffic and when I'm ready I'll start changing some of the 'accept's to 'deny's.

The final line in my ruleset logs anything not picked up by the other rules. I've been surprised at just how much scanning goes on.

I'd be interested to see other people's scripts to the extent that they give me a better understanding of how to identify the various traffic I see.

Could be that there should be some docs on the freebsd site on the subject. Maybe it's a multi-platform thing and belongs elsewhere. Probably it exists elsewhere. Probably it wouldn't have been any help when I got to wondering about that probe for a battle.net server, but it might have saved me some time in recognising the pattern of a traceroute.

Andrew

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message