Date: Wed, 15 Jul 1998 13:54:56 +1000 From: "Hallam Oaks P/L list account" <maillist@oaks.com.au> To: " >, "Richard.Stanaford" <richard@erinet.com>" Subject: Re: Large-scale scan of SNMP ports Message-ID: <199807150354.NAA26061@mail.aussie.org>
next in thread | raw e-mail | index | archive | help
>Hi.. I am just curious... how did you know your IP's were scanned? I am >building a production FreeBSD box, intending it to be an IRC server, and By default, I deny everything via IPFW. The only stuff I allow is the few services I want to expose. The rules that get the most hits (such as accesses to the NetBIOS ports) I deny without logging. All other disallowed accesses are denied with logging. So, since the console sits next to me, when I get accesses of this sort, the screensaver clicks off and the report comes up on the console (meaning I notice it straight away if I happen to be at my desk), plus of course it goes to the syslog. If you're planning any sort of public server I really recommend you spend time working on your rc.firewall. It can be time consuming to set up nicely (particularly if you're using the same machine as a gateway for an internal LAN, as I am) but it's well worth the time spent. -- Chris Hallams Oaks P/L To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807150354.NAA26061>