[lug] @home and "the scan"
Neal McBurnett
nealmcb at avaya.com
Mon Sep 4 21:54:02 MDT 2000
I get scanned by them every 6 hours, but only for the sandard nntp
port. They watch that one because they were threatened with the
Usenet Death Penalty back in January:
http://www.stopspam.org/usenet/faqs/udp.html
http://www.cnn.com/2000/TECH/computing/01/13/athome.udp/
I have gotten them also from 24.0.0.203
authorized-scan1.security.home.net
Ipchains is great....
/var/log/kernel:
Aug 14 05:11:16 key kernel: Packet log: input DENY eth0 PROTO=6
24.0.94.130:38348 24.181.176.160:119 L=44 S=0x00 I=8655 F=0x0000 T=246 SYN (#9)
-Neal
Once upon a time, Nate Duehr <nate at natetech.com> wrote:
> It's definitely not a myth. I've seen too many folks with similar
> stories as yours.
>
> Of course, an IPCHAINS rule to drop everything from 24.0.94.130 should
> take care of it. :)
>
> On Mon, Sep 04, 2000 at 09:19:28PM -0400, John Starkey wrote:
> > If any one remembers the thread regarding the @home scanning for services
> > myth....
> >
> > I just found this in my logs in hosts.deny
> >
> > 130.94.0.24.in-addr.arpa. 86400 IN PTR
> > authorized-scan.security.home.net.
> >
> > John
More information about the LUG
mailing list