[NTLUG:Discuss] Anyone runs ftp, mail server, httpd and get catched from @home
Steve Egbert
egbert at efficient.com
Wed Jan 10 17:23:38 CST 2001
Actually, I think you would have a better chance of coverage if you do the
following:
/etc/hosts.deny
ALL: tci.net, tci.com, home.net, att.net
HOME.NET is used frequently by @Home corporate and network operation center.
But, as a warning, this hosts.deny would not stop unregistered IP address or
contracted security-scanner hosts.
S
> -----Original Message-----
> From: lee at brave.com [mailto:lee at brave.com]
> Sent: Wednesday, January 10, 2001 5:04 PM
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] Anyone runs ftp, mail server,
> httpd and get
> catched from @home
>
>
> On Wed, 10 Jan 2001, MadHat wrote:
>
> >
> > As of today they hit my box at least every 2 days looking for nntp
> > servers. I would not put my money on them _NOT_ looking
> for other daemons
> > in the future. While they may not do it on a regular
> basis, I have been
> > hit by their authorized-scan1.security.home.net machine. I
> have been hit
> > looking for daemons other than nntp, but not on a regular basis.
> >
> > I am not saying if you break the rules, you will be caught,
> but don't be
> > surprised if you do.
> >
>
> oops, yup, i forgot they do scan for nntp servers. they were
> very close
> to being hit with the usenet death penalty, that's prolly what brought
> that on. there's an easy solution to that, tho: in
> /etc/hosts.deny put
> ALL: authorized-scan1.security.home.net
> and you won't be on their radar untill they change the "snoop" server
> hostname...
>
> -- lee
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list