Sean Oonamey tapped away at the keyboard with:
I was wondering what is the best way of detecting and disabling someone who is scanning you? I have a port scanner to see who it is but I need to get rid of them. Is there a program specific to Suse 6.4 that will help me out here? I've had a couple of DoSs from two IP addresses simultaneously.

You need a firewall. Once you have that, you can not only set up strict filtering, but also process the rejected connections; holding open the "reject" connection for between 30 and 90 seconds frustrates most scanners because your machine looks too slow to be interesting.

Furthermore, a traceroute will usually indicate their ISP. You can often (but not always) send off a message to their postmaster/abuse address. Sometimes, if you happen to be at your machine when an intrusion alarm goes off, you get lucky and have their connection pulled while they are still scanning.

Reputable ISPs don't like to harbour scanners; the ISPs are generally aware of the legalities; a DoS attack is *illegal* in Australia and the culprit could be imprisoned depending on severity of the attack. A hefty fine is possible, not to mention possible civil action for actual damages. [It's useful to keep a log of the time you spend pursuing an attacker.]

I've read recently that one hacker was arrested within a couple of hours of breaking into (or attempting to break into) some government systems in Sweden. Although the hacker thought he was anonymous, the Police/ISP tracked the phone connection back to a residence with the assistance of the local telco.

It shouldn't take that long to track a connection in an ideal situation; it would be (technologically) possible to do that in a matter of a few minutes. The sociological consequences of the availability of such technology (i.e. the loss of privacy) should be considered; there should always IMHO be a requirement for the Police to obtain a "warrant" before such a telco connection is identified to prevent abuse.

--
Bernd Felsche - Innovative Reckoning
Perth, Western Australia
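
The reply's suggestion to process rejected connections and raise an intrusion alarm can be sketched as follows. This is an added example, not part of the original message: the log format, the sample lines, the thresholds and the name `find_scanners` are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of rejected-connection log lines (hypothetical format:
# epoch-seconds, action, source ip:port, destination ip:port).
SAMPLE_LOG = """\
955000000 REJECT 203.0.113.7:40001 192.0.2.10:21
955000001 REJECT 203.0.113.7:40002 192.0.2.10:22
955000001 REJECT 203.0.113.7:40003 192.0.2.10:23
955000002 REJECT 203.0.113.7:40004 192.0.2.10:25
955000003 REJECT 203.0.113.7:40005 192.0.2.10:79
955000004 REJECT 198.51.100.9:51000 192.0.2.10:113
955000300 REJECT 198.51.100.9:51001 192.0.2.10:113
955000400 REJECT 198.51.100.20:33000 192.0.2.10:80
955000900 REJECT 198.51.100.20:33001 192.0.2.10:443
malformed line that the parser must skip
"""

LINE_RE = re.compile(r"^(\d+) REJECT (\d+\.\d+\.\d+\.\d+):\d+ \d+\.\d+\.\d+\.\d+:(\d+)$")

def find_scanners(log_text, min_ports=5, window=60):
    """Return {source_ip: (window_start, sorted ports)} for every source that was
    rejected on at least min_ports distinct ports within window seconds."""
    events = defaultdict(list)           # source ip -> [(timestamp, dst port)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:                            # skip lines that do not parse
            events[m.group(2)].append((int(m.group(1)), int(m.group(3))))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = (hits[start][0], sorted(ports))
                break
    return flagged

if __name__ == "__main__":
    for ip, (ts, ports) in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {len(ports)} ports from t={ts}: {ports}")
```

A source that retries a single port repeatedly is not flagged; only the spread across distinct ports inside the time window counts.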