Date: Sat, 24 Apr 1999 22:01:18 +0300 From: =?koi8-r?Q?=E1=CE=C4=D2=C5=CA=20=F7=2E=20=EF=CC=C5=CA=CE=C9=CB?= (Andy V. Oleynik) <andyo@prime.net.ua> To: security@FreeBSD.ORG Subject: Re: network scan Message-ID: <372214FD.A0035005@prime.net.ua> References: <007c01be8e71$a76c64e0$f439fea9@hing>
next in thread | previous in thread | raw e-mail | index | archive | help
IPFW does it for U. Only thing U may take care about is ftpd which accepts connections from Internet. But if U've this service public U have only to advance its security. Generally U may to tcpdump xl0 for pattern src host 203.93.49.252 to be sure that this is not spoofed and contact corresponding responsible person to realize what happened. BTW, lately in the internet too much lammers appeared that used SATAN :) danny wrote: > >From the system log, I found that someone try to scan my server. How can I > stop him from do it again? > Danny > > Apr 24 19:33:30 server /kernel: ipfw: 14100 Deny TCP 203.93.49.252:2348 > w.x.y.z:80 in via xl0 > Apr 24 19:34:19 server /kernel: ipfw: 16000 Accept TCP 203.93.49.252:2421 > w.x.y.z:21 in via xl0 > Apr 24 19:34:26 server ftpd[36695]: refused connect from 203.93.49.252 > Apr 24 19:34:32 server /kernel: ipfw: 26000 Deny UDP 203.93.49.252:1025 > w.x.y.z:161 in via xl0 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Andy V. Oleynik (When U aim for perfection, U discover it's a moving target ö80) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?372214FD.A0035005>