Hm, 20/day is about what I get I think. I'm collecting stats, just haven't done much processing of them.

Anyone logging ipchains DENYs for this (like me) might want to check out packet2sql (http://sourceforge.net/projects/packet2sql/). Pulls the ipchains lines out of log files and puts them in a SQL db. Should make analysis much easier, if I ever get around to it.

Quoting "Austad, Jay" <austad at marketwatch.com>:

> I get scanned quite a bit on my DSL also, probably about 20 times a day.
> That's nothing compared to one of my networks, over 6000 portscans a day
> (some are dummy scans of course, but it's still a lot). Fun.
>
> > -----Original Message-----
> > From: joel at luths.net [mailto:joel at luths.net]
> > Sent: Wednesday, June 06, 2001 10:50 AM
> > To: tclug-list at mn-linux.org
> > Subject: Re: [TCLUG] Security
> >
> > I'm running DSL and I get *lots* of scans.
> >
> > Quoting Brian <lxy at cloudnet.com>:
> >
> > > On Tue, 5 Jun 2001, Dave Sherohman wrote:
> > >
> > > > Nah. They're talking to portmap, not telnetd. Those requests are
> > > > asking about available RPC services, most likely in hopes of
> > > > finding a vulnerable NIS or NFS installation.
> > >
> > > Ok, I've heard of exploits on RPC, now I'm curious. What's using
> > > RPC? Is it just NIS and NFS? I've heard of tons of RPC ports strewn
> > > about that can be exploited, it's the only remaining port that I'm
> > > worried about on my system.
> > >
> > > Back to the original question on security, port scans are part of
> > > life. Kiddies all over the internet like to run their port scanners
> > > because they're HACKERS and they're unstoppable! just like in the
> > > movie! *rolls eyes* Just make sure you aren't running anything
> > > unnecessary, like xfs, nis, nfs, etc. Out of curiosity, are you on a
> > > cable modem? I've noticed that when I was on DSL no one even looked
> > > at my box but on cable in the last week I've collected large amounts
> > > of IP addresses probing away at my firewall. They've mainly been
> > > targeting FTP, which is odd, since I hadn't had ftpd up and running
> > > at that point. Real bright ones, they are! :-)
> > >
> > > TCP wrappers do a pretty good job, an ALL:ALL in hosts.deny lets me
> > > sleep at night anyway. I also have a policy of denying ICMP requests
> > > on my outside interface just to thwart the really stupid kiddies.
> > > Between these two I feel relatively secure. Then just check your
> > > startup script to make sure you aren't running anything you don't
> > > need to be.
> > >
> > > -Brian
> > >
> > > _______________________________________________
> > > tclug-list mailing list
> > > tclug-list at mn-linux.org
> > > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
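
An added example, not part of the thread and not packet2sql's code: a small tally over ipchains `Packet log:` syslog lines of the kind the top message says it is collecting, counting denied packets per day and listing sources that probed portmap (port 111) or several distinct ports. The log lines are constructed samples using documentation addresses; the function name `summarize` and the three-port threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ipchains "Packet log:" syslog format.
# Addresses come from documentation ranges; they are not real observations.
SAMPLE_LOG = """\
Jun  6 10:01:12 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4021 198.51.100.5:111 L=60 S=0x00 I=5012 F=0x4000 T=52 SYN (#7)
Jun  6 10:01:13 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4022 198.51.100.5:21 L=60 S=0x00 I=5013 F=0x4000 T=52 SYN (#7)
Jun  6 10:01:13 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4023 198.51.100.5:23 L=60 S=0x00 I=5014 F=0x4000 T=52 SYN (#7)
Jun  6 11:40:02 gw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.77:800 198.51.100.5:111 L=84 S=0x00 I=311 F=0x0000 T=47 (#7)
Jun  6 12:00:00 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.99:3000 198.51.100.5:22 L=60 S=0x00 I=1 F=0x4000 T=60 SYN (#2)
Jun  7 03:15:44 gw kernel: Packet log: input DENY eth0 PROTO=1 203.0.113.77:8 198.51.100.5:0 L=84 S=0x00 I=900 F=0x0000 T=47 (#9)
Jun  7 03:20:00 gw sshd[411]: unrelated line that must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ kernel: Packet log: (?P<chain>\S+) "
    r"(?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)

def summarize(log_text, scan_threshold=3):
    """Tally denied packets per day; flag portmap probes and multi-port sources."""
    per_day = defaultdict(int)
    ports_by_src = defaultdict(set)
    portmap_srcs = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] not in ("DENY", "REJECT"):
            continue  # skip non-ipchains lines and accepted packets
        per_day[" ".join(m["day"].split())] += 1  # "Jun  6" -> "Jun 6"
        if m["proto"] in ("6", "17"):  # track ports for TCP and UDP only
            dport = int(m["dport"])
            ports_by_src[m["src"]].add(dport)
            if dport == 111:  # portmap, the RPC lookups discussed in the thread
                portmap_srcs.add(m["src"])
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return {"per_day": dict(per_day), "scanners": scanners,
            "portmap_probes": sorted(portmap_srcs)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```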