Re: Kinda OT: Dealing with cracker attempts...
On Sun, 04 Jul 1999, Michael Alan Dorman wrote:
>So I was sitting here working on getting libnet-perl working with the
>new perl packages, and installing midentd on my firewall host so that
>I could get into some ftp sites, when what did I notice but ippl
>logging that someone was portscanning me.
>
>How do other people handle this? I mean, this host has basically all
>services but smtp and identd turned off, so I'm not _terrifically_
>worried about someone getting in. It does annoy me, though, and I'm
>wondering if people have any real-world suggestions as to ways to
>provide negative reinforcement to the cracker.

In such situations I generally do reverse DNS lookups, portscan them back,
finger them, etc.

I don't regard it as a bad thing. I portscan my friends' machines to see what
types of server programs they are playing with. I sometimes portscan web
robots that go through my web pages.

One time (years ago before I disabled rsh and friends) I noticed someone trying
to rexec various programs on my system. So I tried to rexec
/why/are/you/trying/to/rexec/on/my/system. ;) A few weeks later he read his
log files and sent me an email explaining that a default icon in his X setup
did an rexec on a host named "snoopy"; I ran the machine snoopy in the same domain
as him.

If you're worried about portscanning then pick some uncommon port and run a
service on it which automatically launches a portscan on the machine which
connects to it. Make sure you have this set to scan a site no more than once
per day (otherwise if someone else has the same setup you'll end up scanning
each other until one of you runs out of bandwidth).

--
I am in London and would like to meet any Linux users here.
I plan to work in London until April and then move to another
place where the pay is good.
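
Added example, not part of the original message: a small simulation of the feedback loop the reply warns about, showing why a per-source "once per day" limit bounds it. It sends no network traffic; the hosts "A" and "B", the `Responder` class and the `simulate` function are hypothetical names, and the automated response is modelled only as an event that touches the peer's trigger port.

```python
from collections import deque

DAY = 86400  # seconds: the message's "no more than once per day" limit


class Responder:
    """One host whose canary port triggers an automated response to the peer."""

    def __init__(self, min_interval):
        self.min_interval = min_interval
        self.last_response = {}  # peer address -> time of last response

    def on_connect(self, peer, now):
        """Return True if a response to `peer` is allowed at time `now`."""
        last = self.last_response.get(peer)
        if last is not None and now - last < self.min_interval:
            return False  # already answered this peer within the interval
        self.last_response[peer] = now
        return True


def simulate(min_interval, duration=DAY, latency=1, cap=1000):
    """Count responses fired between two hosts that run the same setup.

    Each response is modelled as a connection to the peer's canary port,
    `latency` seconds later. `cap` stops the unthrottled case, which
    otherwise runs for the whole `duration`.
    """
    hosts = {"A": Responder(min_interval), "B": Responder(min_interval)}
    events = deque([(0, "A", "B")])  # (time, receiver, source): B touches A
    fired = 0
    while events and fired < cap:
        now, receiver, source = events.popleft()
        if now >= duration:
            break
        if hosts[receiver].on_connect(source, now):
            fired += 1
            events.append((now + latency, source, receiver))
    return fired


if __name__ == "__main__":
    print("once per day:", simulate(DAY))  # one response from each side
    print("no throttle: ", simulate(0))    # stops only at the cap
```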