Hello all,

I was wondering what is the best way of detecting and disabling someone who is scanning you? I have a port scanner to see who it is but I need to get rid of them. Is there a program specific to Suse 6.4 that will help me out here? I've had a couple of DoSs from two IP addresses simultaneously. Any help would be appreciated.

Sean

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Sat, 27 May 2000, you wrote:
Hello all,
I was wondering what is the best way of detecting and disabling someone who is scanning you? I have a port scanner to see who it is but I need to get rid of them. Is there a program specific to Suse 6.4 that will help me out here? I've had a couple of DoSs from two IP addresses simultaneously. Any help would be appreciated.
I like Portsentry for scans but that will not help with a DOS. What exactly do you want to do?

--
Bob
EMail BobFi@SWBell.net
A Truly Wise Man Never Plays Leapfrog With A Unicorn...
Port Sentry.. Go to www.freshmeat.net and look it up.

Paul Zimdars pzimdars@zimcity.net

On Sat, 27 May 2000, Sean Oonamey wrote:
Hello all,
I was wondering what is the best way of detecting and disabling someone who is scanning you? I have a port scanner to see who it is but I need to get rid of them. Is there a program specific to Suse 6.4 that will help me out here? I've had a couple of DoSs from two IP addresses simultaneously. Any help would be appreciated.
Sean
Sean Oonamey tapped away at the keyboard with:
I was wondering what is the best way of detecting and disabling someone who is scanning you? I have a port scanner to see who it is but I need to get rid of them. Is there a program specific to Suse 6.4 that will help me out here? I've had a couple of DoSs from two IP addresses simultaneously.
You need a firewall. Once you have that, you can not only set up strict filtering, but also process the rejected connections; holding open the "reject" connection for between 30 and 90 seconds frustrates most scanners because your machine looks too slow to be interesting.

Furthermore, a traceroute will usually indicate their ISP. You can often (but not always) send off a message to their postmaster/abuse address. Sometimes, if you happen to be at your machine when an intrusion alarm goes off, you get lucky and have their connection pulled while they are still scanning.

Reputable ISPs don't like to harbour scanners; the ISPs are generally aware of the legalities; a DoS attack is *illegal* in Australia and the culprit could be imprisoned depending on severity of the attack. A hefty fine is possible, not to mention possible civil action for actual damages. [It's useful to keep a log of the time you spend pursuing an attacker.]

I've read recently that one hacker was arrested within a couple of hours of breaking into (or attempting to break into) some government systems in Sweden. Although the hacker thought he was anonymous, the Police/ISP tracked the phone connection back to a residence with the assistance of the local telco.

It shouldn't take that long to track a connection in an ideal situation; it would be (technologically) possible to do that in a matter of a few minutes. The sociological consequences of the availability of such technology (i.e. the loss of privacy) should be considered; there should always IMHO be a requirement for the Police to obtain a "warrant" before such a telco connection is identified to prevent abuse.

--
Bernd Felsche - Innovative Reckoning
Perth, Western Australia
I like portsentry from www.psionic.com. When it sees a port scan it will then dump the route and log it so you can complain to their ISP. It's super easy to set up.

Randy Rathbun
randy@rrr.2y.net http://rrr.2y.net/
Never try to keep up with the Joneses - Always drag them down to your level. - Quentin Crisp

On Sat, 27 May 2000, Sean Oonamey wrote:
Hello all,
I was wondering what is the best way of detecting and disabling someone who is scanning you? I have a port scanner to see who it is but I need to get rid of them. Is there a program specific to Suse 6.4 that will help me out here? I've had a couple of DoSs from two IP addresses simultaneously. Any help would be appreciated.
Sean
On Sat, 27 May 2000, Sean Oonamey wrote:
Hello all,
I was wondering what is the best way of detecting and disabling someone who is scanning you? I have a port scanner to see who it is but I need to get rid of them. Is there a program specific to Suse 6.4 that will help me out here? I've had a couple of DoSs from two IP addresses simultaneously. Any help would be appreciated.
A firewall is essential.

You can't "disable" them per se. You can set your firewall to simply drop packets. This means that, if the people at the other end are waiting for responses, they are being made to wait as long as *you* can possibly do. But this probably won't help because they probably are NOT waiting for responses.

You can send appropriate extracts from their logs to the administrators at wherever they are coming from. (Use traceroute.) Or at least you can trace it some distance in that direction, and ask the administrators at the last site you find to help out. Your ISP may be able to help also.
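The replies above separate port scans from DoS traffic and suggest processing the firewall's rejected connections so that log extracts can be sent to the source's ISP. The following is an added example, not code from any poster in this thread or from PortSentry, that makes that split over a rejected-packet log. The log format, thresholds, function names and addresses (documentation ranges) are assumptions constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <source IP> <destination port>" per rejected
# packet. This format is an assumption, not the output of a particular firewall.
SAMPLE_LOG = "\n".join(
    [f"2000-05-27T10:00:{i:02d} 192.0.2.10 {port}"
     for i, port in enumerate((21, 22, 23, 25, 80, 110, 143))]   # many ports, few hits
    + [f"2000-05-27T10:05:{i:02d} 198.51.100.7 80" for i in range(30)]  # one port, many hits
    + ["2000-05-27T09:00:00 203.0.113.5 23",
       "2000-05-27T11:30:00 203.0.113.5 25",
       "garbage line", "notatime 203.0.113.9 80"]                # malformed input
)

def parse(log):
    """Yield (time, source, port) tuples; silently skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue

def classify(log, window=timedelta(seconds=60), scan_ports=5, flood_hits=20):
    """Label each source 'scan', 'flood' or 'noise' from its busiest sliding window."""
    events = defaultdict(list)
    for when, src, port in sorted(parse(log)):
        events[src].append((when, port))
    verdicts = {}
    for src, hits in events.items():
        most_ports = most_hits = start = 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most `window` of time.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            in_window = hits[start:end + 1]
            most_ports = max(most_ports, len({p for _, p in in_window}))
            most_hits = max(most_hits, len(in_window))
        if most_ports >= scan_ports:        # breadth across ports: a scan
            verdicts[src] = "scan"
        elif most_hits >= flood_hits:       # volume against few ports: a flood
            verdicts[src] = "flood"
        else:
            verdicts[src] = "noise"
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

A scan spread out over more than the window is labelled noise with the default settings, so the window and thresholds need tuning against the traffic a given host normally rejects.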