From: Ignacio Machin (imachinCI.CL)
Date: Mon Jan 22 2001 - 09:45:16 CST

    With ipchains in a linux server you can do sort of this:

    ipchains -I input -p tcp -d your.ip.address/32 111 -j DENY -l

    The -l param logs the discarded packets to /var/log/messages; there you can
    find them. If you don't like to purge your logs, you can use some packages like
    logcheck to receive a periodical email with the reports.
     Also I suggest you block ALL your unused ports. My configuration has the
    entries for the used ones, and at the end a line like the above but without a
    port number, denying all the connections and logging them.

    ----- Original Message -----
    From: <razorLDC.RO>
    To: <INCIDENTSSECURITYFOCUS.COM>
    Sent: Thursday, January 18, 2001 4:51 PM
    Subject: Re: anyone else seen an increase in sunrpc scans these days?

    > On Tue, Jan 16, 2001 at 10:58:15AM +0100, Digital Overdrive wrote:
    > > [requoted]
    > >
    > > Just one question: How do you detect these scans ?
    > > I can't find anything in my logs, but I don't have programs like
    > > portsentry running. What can you (all) advice me ?
    > >
    >
    > ipfilter here, on a freebsd box.
    >
    > /etc/ipf.conf has something like
    > --------------
    > pass out quick on ed0 proto tcp from internal_net/24 to any flags S/SAFR keep state
    > pass out quick on ed0 proto udp from internal_net/24 to any keep state
    >
    > block in log quick on ed0 all <- this is the line that gives me all messages.
    > ---------------
    >
    > I use plog (part of the ipfilter package) to generate reports on scans.
    >
    > ------------+------------------------------------------
    > Alex Popa, | "Artificial Intelligence is
    > razorldc.ro| no match for Natural Stupidity"
    > ------------+------------------------------------------
    > "It took the computing power of three C-64s to fly to the Moon.
    > It takes a 486 to run Windows 95. Something is wrong here."
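Both replies above rely on the same idea: log everything the firewall denies, then run a reporting tool (logcheck, plog) over the log to spot the scans. The following Python script, added here as an illustration and not part of either poster's setup, performs that reporting step over constructed sample lines written in the style of the ipchains kernel packet logger (the "Packet log:" lines a `-j DENY -l` rule produces in /var/log/messages). It counts denied packets per source, tallies probes to port 111 (sunrpc), and flags any source that touched several distinct ports as a likely scanner. The log lines, IP addresses, the `scan_threshold` parameter and the exact field layout are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample syslog excerpt: ipchains "Packet log" lines from a DENY
# rule with -l, plus one unrelated sshd line that the parser must skip.
SAMPLE_LOG = """\
Jan 18 16:51:02 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:2345 198.51.100.7:111 L=60 S=0x00 I=18534 F=0x4000 T=51 SYN (#1)
Jan 18 16:51:02 gw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.10:2346 198.51.100.7:111 L=84 S=0x00 I=18535 F=0x0000 T=51 (#1)
Jan 18 16:51:09 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:2350 198.51.100.7:21 L=60 S=0x00 I=18540 F=0x4000 T=51 SYN (#7)
Jan 18 16:51:09 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:2351 198.51.100.7:23 L=60 S=0x00 I=18541 F=0x4000 T=51 SYN (#7)
Jan 18 16:51:10 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:2352 198.51.100.7:25 L=60 S=0x00 I=18542 F=0x4000 T=51 SYN (#7)
Jan 18 16:52:30 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.4:40001 198.51.100.7:111 L=60 S=0x00 I=991 F=0x4000 T=44 SYN (#1)
Jan 18 16:53:00 gw sshd[412]: Accepted password for alice from 198.51.100.20 port 1022
"""

# Field layout assumed for this example:
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
LINE_RE = re.compile(
    r"kernel: Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) "
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_packet_log(text):
    """Return one dict per ipchains packet-log line; other syslog lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "chain": d["chain"],
            "target": d["target"],
            "iface": d["iface"],
            "proto": PROTO_NAMES.get(int(d["proto"]), d["proto"]),
            "src": d["src"],
            "sport": int(d["sport"]),
            "dst": d["dst"],
            "dport": int(d["dport"]),
        })
    return events


def summarize(events, scan_threshold=3):
    """Build the kind of report logcheck/plog would mail: denied packets per
    source, sunrpc (port 111) probes per source, and sources that hit at
    least scan_threshold distinct (proto, port) pairs."""
    per_src_count = defaultdict(int)
    per_src_ports = defaultdict(set)
    sunrpc_probes = defaultdict(int)
    for e in events:
        if e["target"] != "DENY":
            continue
        per_src_count[e["src"]] += 1
        per_src_ports[e["src"]].add((e["proto"], e["dport"]))
        if e["dport"] == 111:
            sunrpc_probes[e["src"]] += 1
    scanners = sorted(
        src for src, ports in per_src_ports.items() if len(ports) >= scan_threshold
    )
    return {
        "denied_per_source": dict(per_src_count),
        "sunrpc_probes": dict(sunrpc_probes),
        "scanners": scanners,
    }


def report(text):
    """Parse a log excerpt and return the summary dict."""
    return summarize(parse_packet_log(text))


if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    print("denied packets per source:", r["denied_per_source"])
    print("sunrpc probes per source: ", r["sunrpc_probes"])
    print("likely scanners:          ", r["scanners"])
```

Run it against a real /var/log/messages by passing the file contents to `report()`; with a deny-all-and-log rule at the end of the chain, as Ignacio describes, the "scanners" list is the part worth mailing to yourself daily.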