Re: IPCOP - Block Port Scanning from Inside
From: David (thunderbolt01_at_netscape.net)
Date: 05/27/04
- Previous message: phil reither: "Re: spam jibberish"
- In reply to: Todd: "IPCOP - Block Port Scanning from Inside"
Date: Thu, 27 May 2004 06:15:35 GMT
Todd wrote:
> I have been warned today that a machine inside my network is port
> scanning another machine outside my network. How can I use IPCOP and
> IPTables to block this particular type of outbound traffic? I have had
> no luck locating the machine to shut it down. I would like the
> firewall to block it so I can be sure that unpatched or infected
> machines do not cause this again. I am using IPCOP v1.3 with all fixes
> applied.
>
> Thanks!
>
> Please see the sample log emailed to me below: (IP addresses removed
> and replaced with "My IP" and "Their IP")
>
> EDT(GMT-4) May 21 20:04:05 My IP:2759 -> Their IP:2745 SYN ******S*
> EDT(GMT-4) May 21 20:04:05 My IP:2768 -> Their IP:1025 SYN ******S*
> EDT(GMT-4) May 21 20:04:11 My IP:2769 -> Their IP:445 SYN ******S*
> EDT(GMT-4) May 21 20:04:05 My IP:2776 -> Their IP:3127 SYN ******S*
> EDT(GMT-4) May 21 20:04:11 My IP:2777 -> Their IP:6129 SYN ******S*
> EDT(GMT-4) May 21 20:04:05 My IP:2782 -> Their IP:1433 SYN ******S*
> EDT(GMT-4) May 21 20:04:11 My IP:2783 -> Their IP:5000 SYN ******S*
From the ports listed it looks like the system may be a Windows
system that is infected with one or more of the viruses that are
going around.
-- Confucius: He who play in root, eventually kill tree. Registered with The Linux Counter. http://counter.li.org/ Slackware 9.1.0 Kernel 2.4.26 SMP i686 (GCC) 3.3.3 Uptime: 12 days, 4:00, 2 users, load average: 1.11, 1.04, 1.0