Problem with someone port scanning me
Luke Kearney
lukek at meibin.net
Thu Feb 12 08:06:13 PST 2004
On Thu, 12 Feb 2004 11:12:53 -0500
Dragoncrest <dragoncrest at voyager.net> granted us these pearls of wisdom:
> For the past couple of days I've had someone on our lan port scanning my
> box. Not sure what's up with that, but I'm curious if there's a way to log
> what IP address this is coming from. I don't have IPFW enabled yet as I
> haven't had the time to configure it at this point as it's currently behind
> the company firewall on our T3. Is there a way to log where it's coming
> from? Or is that already being logged somewhere?
I wonder if you might get some benefit from a couple of simple IPF rules
and a quick portsentry install.
/etc/ipf.rules
pass in log on interface0 from any to any
pass out log on interface0 from IP to any
with the appropriate startup would give you a good idea of the IP
address the scan is comming from. Whether your DHCP server admin will
tell you who that address is is a different matter.
HTH
LK
More information about the freebsd-questions
mailing list