[TCLUG] Security

Wed Jun 6 11:33:17 CDT 2001

I get scanned quite a bit on my DSL also, probably about 20 times a day.
That's nothing compared to one of my networks, over 6000 portscans a day
(some are dummy scans of course, but it's still alot).  Fun.

> -----Original Message-----
> From: joel at luths.net [mailto:joel at luths.net]
> Sent: Wednesday, June 06, 2001 10:50 AM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] Security
> 
> 
> I'm running DSL and I get *lots* of scans.
> 
> Quoting Brian <lxy at cloudnet.com>:
> 
> > On Tue, 5 Jun 2001, Dave Sherohman wrote:
> > 
> > > 
> > > Nah.  They're talking to portmap, not telnetd.  Those requests are
> > asking
> > > about available RPC services, most likely in hopes of finding a
> > vulnerable
> > > NIS or NFS installation.
> > 
> > Ok, I've heard of exploits on RPC, now I'm curious.  What's 
> using RPC? 
> > Is
> > it just NIS and NFS?  I've heard of tons of RPC ports 
> strewn about that
> > can be exploited, it's the only remaining port that I'm 
> worried about on
> > my system.
> > 
> > back to the original question on security, port scans are part of
> > life.  Kiddies all over the internet like to run their port scanners
> > because they're HACKERS and they're unstoppable!  just like in the
> > movie!  *rolls eyes*  Just make sure you aren't running anything
> > unnecessary, like xfs, nis, nfs, etc.  Out of curiosity, 
> are you on a
> > cable modem?  I've noticed that when I was on DSL no one 
> even looked at
> > my
> > box but on cable in the last week I've collected large amounts of IP
> > addresses probing away at my firewall.  They've mainly been 
> targeting
> > FTP,
> > which is odd, since I hadn't had ftpd up and running at that point. 
> > Real
> > bright ones, they are! :-)
> > 
> > tcp wrappers do a pretty good job, an ALL:ALL in hosts.deny lets me
> > sleep
> > at night anyway.  I also have a policy of denying ICMP 
> requests on my
> > outside interface just to thwart the really stupid kiddies.  Between
> > these
> > two I feel relatively secure.  Then just check your startup 
> script to
> > make
> > sure you aren't running anything you don't need to be.
> > 
> > -Brian
> > 
> > _______________________________________________
> > tclug-list mailing list
> > tclug-list at mn-linux.org
> > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> > 
> > 
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> 