Problem with someone port scanning me
Dragoncrest
dragoncrest at voyager.net
Thu Feb 12 10:41:32 PST 2004
Thanks. I'm gonna give this one a spin. Gonna keep scanlogd in the
back of my mind as something else to try should this not work. Thanks.
One last question. Does IPF work by default or do I have to do anything
special? And I'm assuming I just type IPF at the command line and the
program does the rest?
>
> On Thu, 12 Feb 2004 11:12:53 -0500
> Dragoncrest <dragoncrest at voyager.net> granted us these pearls of wisdom:
>
> > For the past couple of days I've had someone on our lan port
scanning my
> > box. Not sure what's up with that, but I'm curious if there's a way
to log
> > what IP address this is coming from. I don't have IPFW enabled yet
as I
> > haven't had the time to configure it at this point as it's currently
behind
> > the company firewall on our T3. Is there a way to log where it's
coming
> > from? Or is that already being logged somewhere?
>
> I wonder if you might get some benefit from a couple of simple IPF rules
> and a quick portsentry install.
>
> /etc/ipf.rules
>
> pass in log on interface0 from any to any
> pass out log on interface0 from IP to any
>
> with the appropriate startup would give you a good idea of the IP
> address the scan is comming from. Whether your DHCP server admin will
> tell you who that address is is a different matter.
>
> HTH
>
> LK
>
>
More information about the freebsd-questions
mailing list