Re: Mediaone/AT&T broadband port scans

From: James Cole (colejd@mediaone.net)
Date: 01/05/02 

From: "James Cole" <colejd@mediaone.net>
To: "Doug Wombles" <fisdu@hotmail.com>, "security-basics-sc.1001087749.mdofbhllphodmnlahebe-colejd=mediaone.net@securityfocus.com" <security-basics@securityfocus.com>
Date: Sat, 5 Jan 2002 08:54:00 -0500

Sorry, but firewalls do NOT hide IP's. They block ports. The only thing
that hides IP's is NAT. You think the firewall is hiding your IP because
the firewall kills the connection attempt to THAT port. Any good hacker can
tell the difference between a firewall blocked attempt and a non-active IP.

Beyond that, a firewall has nothing to do with getting scanned or not. I
have a firewall and I get scanned all the time. They don't get any real
info, but they do know that I exist and that I have a firewall up and
running.

Think of the firewall as a fence in front of the house. I know your there
but I can't get to it until I find an open hole (scanning).

Jim

----- Original Message -----
From: "Doug Wombles" <fisdu@hotmail.com>
To: <Survivo968@aol.com>; <colejd@mediaone.net>;
<security-basics@securityfocus.com>
Sent: Friday, December 14, 2001 2:51 PM
Subject: Re: Mediaone/AT&T broadband port scans

> sounds like you guys need to get a firewall that will hide your IP!! I
use
> Sygate at my house and even if I scan my IP from work, it doesn't even
show
> up. It is a free download and very easy to configure. You can set things
> to either allow always, ask, or deny. and their last update corrected a
> couple of flaws so now it doesn't allow access for inbound traffic until
you
> grant it access.
>
> later
> dw
>
> >From: Survivo968@aol.com
> >To: colejd@mediaone.net, security-basics@securityfocus.com
> >Subject: Re: Mediaone/AT&T broadband port scans
> >Date: Thu, 13 Dec 2001 00:03:33 EST
> >
> >IP: 24.98.158.70
> >DNS: att-98-158-70.atl.mediaone.net
> >RPC TCP port scan
> >i got this 12/12/01
> >tell me about scans and ill laugh....im just a home user
> >who gets atleast 100 if not more scans a day
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.
>

Relevant Pages

  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)
  • Re: How to Maintain an IIS Server?
    ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CEICW fails at firewall config
    ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to Maintain an IIS Server?
    ... >> server running on a Windows 2000 server. ... > before a firewall and antivirus have been installed]. ... > program or executable using that port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Is secedit.exe left by a hacker?
    ... > tested on port 445. ... > I have a Linksys router that I use as a firewall to my ... Secedit.exe is the name of a legitimate Windows file, ... investigate the files on your computer - antivirus with the latest updates ...
    (microsoft.public.win2000.security)
Quantcast