Security Incidents mailing list archives

Re: Anti-Death Penalty


From: moeller () NETWORKSPLUS NET (Derek Moeller)
Date: Fri, 28 Jan 2000 17:54:34 -0600


On Wed, Jan 26, 2000 at 03:25:00PM -0800, Robert Graham wrote:
> FYI:
>
> Recently, we are seeing what appears to be scans by @Home against their own
> customers for NNTP and HTTP servers.

...

> Note: If you are running a personal firewall, what you'd see is a connection
> attempt against TCP ports 80 and 119. Apparently, they aren't looking for
> anything else at this time (like SOCKS at port 1080, squid at 3128, or
> anything else).

Here's my question: what if you set up a firewall rule to send a RST to
any port 80 (or 119) connection attempts made by their scanning
machine(s)? This would simulate a closed port. Are there any methods
available to combat this kind of trickiness? The only option I can think
of is DNS/IP tricks to make it seem like it is always a unique host,
however, one could become aggressive and block all 80/119 traffic from
*.home.com.

-- 
Derek Moeller
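
One way to check, from an outside host you control, that such a rule really makes ports 80 and 119 read as closed (an RST) rather than filtered (no reply). This is an added example, not part of the original post. The function names, the Linux iptables rule in the comment and the placeholder scanner address are assumptions, since the post names no firewall product or scanner address.

```python
import socket
import sys

# Assumed form of the rule under discussion, for Linux iptables
# (192.0.2.10 is a documentation placeholder for the scanner address):
#   iptables -A INPUT -p tcp -s 192.0.2.10 -m multiport --dports 80,119 \
#            -j REJECT --reject-with tcp-reset


def probe(host, port, timeout=2.0):
    """Classify a TCP port the way a plain connect() scan sees it.

    'open'     -> three-way handshake completed
    'closed'   -> an RST came back (nothing listening, or a tcp-reset REJECT)
    'filtered' -> no answer before the timeout, or an ICMP error
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Covers timeouts (silent DROP) and unreachable errors.
        return "filtered"
    finally:
        s.close()


def scan_view(host, ports=(80, 119), timeout=2.0):
    """Return {port: state} for the ports the quoted scans look at."""
    return {port: probe(host, port, timeout) for port in ports}


def not_closed(results):
    """Ports that do not look like an ordinary closed port."""
    return sorted(p for p, state in results.items() if state != "closed")


if __name__ == "__main__":
    # Run from a host whose source address the rule matches.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    view = scan_view(target)
    for port, state in sorted(view.items()):
        print(f"{target}:{port} {state}")
    print("ports that stand out:", not_closed(view) or "none")
```

A port that reports `filtered` is being silently dropped, which looks different from a machine with nothing listening; only `closed` matches what the post means by simulating a closed port.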

