On Fri, 2003-04-18 at 12:15, Jerry Feldman wrote:
On 18 Apr 2003 20:06:48 +0100 Adam Leach wrote:

Hi,

Someone is port scanning every single port on my machine, here are a few examples. I run SuSE Linux 8.1, and the firewall is dropping most of the attempts.

Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0

Is there anything I can easily do to stop it?

Close as many ports as you can. That's why I prefer an external dedicated firewall or NAT box. Some ISPs scan their customers to find out if they are running servers or any other security breaches.

Isn't this already being dropped? "SuSE-FW-DROP-DEFAULT"

The source is from the Netherlands:

host 195.86.128.45
45.128.86.195.in-addr.arpa. domain name pointer kes.wirehub.nl

Although they seem to be hitting your high ports: DPT=17319 and: DPT=13501

Quick Google did not find anything.

Matt
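
The two checks made by eye in this thread (is every probe logged under a DROP prefix, and is one source walking through many destination ports) can be run over a whole log. This is an added example, not part of the original messages; the function names, the `min_ports` threshold and the last sample line (including its `SuSE-FW-ACCEPT` prefix) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Kernel log entry written by the firewall: "kernel: <prefix> KEY=value ... FLAGS"
LINE_RE = re.compile(r"kernel: (?P<prefix>SuSE-FW-\S+) (?P<fields>.*)")

SAMPLE = [
    # The two entries quoted in the thread.
    "Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0",
    "Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0",
    # Constructed entry for contrast: one accepted connection from a documentation address.
    "Apr 18 19:30:02 dev kernel: SuSE-FW-ACCEPT IN=eth0 OUT= SRC=192.0.2.10 DST=81.99.191.85 LEN=60 PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 SYN URGP=0",
]

def summarize(lines):
    """Group firewall log entries by source address."""
    stats = defaultdict(lambda: {"ports": set(), "packets": 0, "all_dropped": True})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall entry
        # Bare flags such as SYN carry no "=", so they are skipped here.
        fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
        if "SRC" not in fields or "DPT" not in fields:
            continue  # e.g. ICMP entries have no destination port
        entry = stats[fields["SRC"]]
        entry["ports"].add(int(fields["DPT"]))
        entry["packets"] += 1
        if "DROP" not in m["prefix"]:
            entry["all_dropped"] = False  # at least one packet got through
    return dict(stats)

def find_scanners(lines, min_ports=10):
    """Sources that probed at least min_ports distinct destination ports."""
    return {src: s for src, s in summarize(lines).items()
            if len(s["ports"]) >= min_ports}

if __name__ == "__main__":
    # Threshold lowered to 2 only because the sample is tiny.
    for src, s in find_scanners(SAMPLE, min_ports=2).items():
        verdict = "all dropped" if s["all_dropped"] else "SOME NOT DROPPED"
        print(f"{src}: {len(s['ports'])} ports, {s['packets']} packets, {verdict}")
```

On a real log, feed it the lines of the kernel log file and keep the default threshold; a source flagged with some packets not dropped is the one worth a closer look.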