Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

@home security (was: Re: Security problem?)

0 views
Skip to first unread message

Seth Arnold

unread,
Oct 6, 2000, 3:00:00 AM10/6/00
to
Yeah, I too noticed many scans for nntp servers, but nothing on other
ports; the fun part, a quick ipf rule would have them always in the
dark....

* dreamwvr <drea...@dreamwvr.com> [001005 12:10]:
> hi,
> from observations what they appear to be paranoid about really
> is nntp servers as they are huge bw hogs..


rob

unread,
Oct 6, 2000, 3:00:00 AM10/6/00
to
dreamwvr wrote:
>
> hi,
> yes correcto mundo i tend to use them as a litmus test of sorts
> for port scannings and yes the greatest inconvenience is that
> they tend to do it too often and too predictably.. which can be
> another issue;-))
> Best Regards,
> drea...@dreamwvr.com


I'm curious what ports others' are getting scanned on. On my laptop nic
address I get scanned on TCP port 119, by
"authorize...@home.com". This goes on for a few seconds every
hour or so. On my big box, I get scanned on UDP port 68 by some
nondescript @home server in Washington state. It goes on continuously.
I pick up the scans with portscanner.

I wonder why they scan some ports on one nic, and other ports on
another. Perhaps it is linked to they OS that you fill in on applying
for additional IP addresses. I used Mac OS for #1, and Windows for #2.

I complained to ab...@home.com about the port 68 scans, but never heard
from them. Rob.


dreamwvr

unread,
Oct 6, 2000, 3:00:00 AM10/6/00
to

Seth Arnold

unread,
Oct 6, 2000, 3:00:00 AM10/6/00
to
* rob <eur...@home.com> [001005 18:25]:

> On my big box, I get scanned on UDP port 68 by some
> nondescript @home server in Washington state. It goes on continuously.

I do think these instead are people trying to acquire a dhcp lease.
Unless, of course, the source IP is from their security subdomain. :)


Chris Silva

unread,
Oct 6, 2000, 3:00:00 AM10/6/00
to
Here is what I use in my FBSD firewall for that ;)

# Kill @home's authorized-scan.security.home.net subnet
${fwcmd} add deny log all from 24.0.94.0/24 to any


#-----Original Message-----
#From: owner...@openbsd.org [mailto:owner...@openbsd.org]On Behalf Of
#Ross Alexander
#Sent: Thursday, October 05, 2000 9:07 PM
#To: mi...@openbsd.org
#Subject: Re: @home security (was: Re: Security problem?)
#
#
#> I get scanned on TCP port 119, by
#> "authorize...@home.com"
#
#Same here.
#
#--
#Ross Alexander
#RossAl...@Home.com
#


Ross Alexander

unread,
Oct 6, 2000, 3:00:00 AM10/6/00
to
> I get scanned on TCP port 119, by
> "authorize...@home.com"

Same here.

--
Ross Alexander
RossAl...@Home.com


dreamwvr

unread,
Oct 6, 2000, 3:00:00 AM10/6/00
to
hi rob,

> I'm curious what ports others' are getting scanned on. On my laptop nic
> address I get scanned on TCP port 119, by
> "authorize...@home.com". This goes on for a few seconds every
> hour or so. On my big box, I get scanned on UDP port 68 by some

> nondescript @home server in Washington state. It goes on continuously.
> I pick up the scans with portscanner.
2 119 well we alrady know why;-)) port68 is because if you are on a
dhcp network and need that port open to connect to your dhcpd server
to get you dyn addr. but they might also be checking to see if your
running a vulnerable dhclient so they can play dhcpd server games
ang get root on your box if your running a vulnerable version of dhcp client.
you added the patch didn't you? ;-)) that is if your doing that on that
box.. otherwise well then add the patch on whatever host plays
lets play a numbers game:-))
Best Regards,
drea...@dreamwvr.com
0 new messages