On Mon, 24 Feb 2003 10:59, Tim Spriggs wrote: > > That's the only thing to do, if someone is excessively scanning you then > > you block their IP addresses for a while. Of course you can't be too > > trigger happy with this or you'll end up with half the Internet in your > > firewall rule set... > > In the defense of the ballistic person that is complaining about the > portscan, one of our servers is running a backup server that dies with no > error/warning when the server is portscanned. Unfortunately, our servers > can not be put behind a firewall as funding is at an all time low.
!?!?!? Firstly having a backup server on a public IP address is just asking for trouble. What OS are you using? Presumably if it was Linux you would have solved the problem with iptables or ipchains long ago... BTW As a rule of thumb, if you can crash it then you can probably exploit it, I hope that server isn't running as root. > This is a very inconvenient feature and the company that provides the > backup server will do nothing about it so we have to manually restart the > deamon from time to time because we were (innocently) portscanned. That sucks. Napster clients used to do the same, but you couldn't complain too much about free software that is used for unauthorised audio copying. ;) -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
