Date: Fri, 17 Jul 1998 17:34:24 +0100
From: Manar Hussain <manar@ivision.co.uk>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Large-scale scan of SNMP ports
Message-ID: <3.0.5.32.19980717173424.008b13c0@stingray.ivision.co.uk>

We'd certainly be interested in seeing ruleset ideas/snippets ... seems
silly to re-invent the wheel 100 times or miss out on good ideas ...

Manar

>> Two persons privately expressed interest in a copy of the rc.firewall script
>> that I used (which picked up the scan). It's not anything overly great, but
>> it's well-commented and works for me.
>>
>> If there's any general interest from other users I'll post it to this list
>> (assuming that's the 'done thing').
>>
>> -- Chris
>> Hallam Oaks P/L
>
>I've been building up my own ruleset. So far I'm not blocking much of
>anything, just categorising traffic and when I'm ready I'll start changing
>some of the 'accept's to 'deny's. The final line in my ruleset logs
>anything not picked up by the other rules. I've been surprised at just
>how much scanning goes on.
>
>I'd be interested to see other people's scripts to the extent that they
>give me a better understanding of how to identify the various traffic I
>see. Could be that there should be some docs on the freebsd site on the
>subject. Maybe it's a multi-platform thing and belongs elsewhere.
>Probably it exists elsewhere. Probably it wouldn't have been any help
>when I got to wondering about that probe for a battle.net server, but it
>might have saved me some time in recognising the pattern of a traceroute.