Date:      Sat, 18 Jul 1998 02:43:19 +1200 (NZST)
From:      Andrew McNaughton <andrew@squiz.co.nz>
To:        Hallam Oaks P/L list account <maillist@oaks.com.au>
Cc:        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject:   Re: Large-scale scan of SNMP ports
Message-ID:  <Pine.BSF.3.96.980718020556.4807A-100000@aniwa.sky>
In-Reply-To: <199807171255.WAA29844@mail.aussie.org>

On Fri, 17 Jul 1998, Hallam Oaks P/L list account wrote:

> Date: Fri, 17 Jul 1998 22:56:30 +1000
> From: Hallam Oaks P/L list account <maillist@oaks.com.au>
> To: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
> Subject: Re: Large-scale scan of SNMP ports
> 
> Two persons privately expressed interest in a copy of the rc.firewall script 
> that I used (which picked up the scan). It's not anything overly great, but 
> it's well-commented and works for me.
> 
> If there's any general interest from other users I'll post it to this list 
> (assuming that's the 'done thing').
> 
> -- Chris
>    Hallam Oaks P/L

I've been building up my own ruleset.  So far I'm not blocking much of
anything, just categorising traffic and when I'm ready I'll start changing
some of the 'accept's to 'deny's.  The final line in my ruleset logs
anything not picked up by the other rules.  I've been surprised at just
how much scanning goes on. 

I'd be interested to see other people's scripts to the extent that they
give me a better understanding of how to identify the various traffic I
see.  Could be that there should be some docs on the freebsd site on the
subject.  Maybe it's a multi-platform thing and belongs elsewhere.
Probably it exists elsewhere.  Probably it wouldn't have been any help
when I got to wondering about that probe for a battle.net server, but it
might have saved me some time in recognising the pattern of a traceroute.

Andrew

