Problem with someone port scanning me

[Dragoncrest]

Thanks.  I'm gonna give this one a spin.  Gonna keep scanlogd in the
back of my mind as something else to try should this not work.  Thanks.

One last question.  Does IPF work by default or do I have to do anything
special?  And I'm assuming I just type IPF at the command line and the
program does the rest?

> 
> On Thu, 12 Feb 2004 11:12:53 -0500
> Dragoncrest <dragoncrest at voyager.net> granted us these pearls of wisdom:
> 
> > 	For the past couple of days I've had someone on our lan port
scanning my 
> > box.  Not sure what's up with that, but I'm curious if there's a way
to log 
> > what IP address this is coming from.  I don't have IPFW enabled yet
as I 
> > haven't had the time to configure it at this point as it's currently
behind 
> > the company firewall on our T3.  Is there a way to log where it's
coming 
> > from?  Or is that already being logged somewhere?
> 
> I wonder if you might get some benefit from a couple of simple IPF rules
> and a quick portsentry install. 
> 
> /etc/ipf.rules
> 
> pass in log on interface0 from any to any
> pass out log on interface0 from IP to any
> 
> with the appropriate startup would give you a good idea of the IP
> address the scan is comming from. Whether your DHCP server admin will
> tell you who that address is is a different matter.
> 
> HTH 
> 
> LK
> 
>