Security Incidents mailing list archives
Re: Anti-Death Penalty
From: moeller () NETWORKSPLUS NET (Derek Moeller)
Date: Fri, 28 Jan 2000 17:54:34 -0600
On Wed, Jan 26, 2000 at 03:25:00PM -0800, Robert Graham wrote:
FYI: Recently, we are seeing what appears to be scans by @Home against their own customers for NNTP and HTTP servers.
...
Note: If you are running a personal firewall, what you'd see is a connection attempt against TCP ports 80 and 119. Apparently, they aren't looking for anything else at this time (like SOCKS at port 1080, squid at 3128, or anything else).
Here's my question: what if you set up a firewall rule to send a RST to any port 80 (or 119) connection attempts made by their scanning machine(s)? This would simulate a closed port. Are there any methods available to combat this kind of trickiness? The only option I can think of is DNS/IP tricks to make it seem like it is always a unique host; however, one could become aggressive and block all 80/119 traffic from *.home.com.

--
Derek Moeller