[TriLUG] Port Scans on your firewalls?

Jeff Groves jgroves at krenim.org
Wed Mar 23 17:17:41 EST 2005


 From the traceroute info, it's a RR customer in South Carolina.

Get you trace logs together from the scan attempt, provide the time zone 
and time of day that the scans took place, your IP address at the time 
of the incident and send them off to abuse at rr.com and let them deal with it.

You're going to see a lot of this kind of junk on broadband 
connections.  I usually just ignore it unless the person is plain just 
being obnoxious about it. 

Nothing you do will ward-off port scan attempts.  They're going to port 
scan you no matter what you have in place.  Just make sure you have some 
kind of firewall in place to keep them out. 

Jeff G.

James Brigman wrote:

>Hey guys;
>
>How's service for you guys with time warner cable in the Raleigh area?
>I'm having a little bit of trouble with port scans coming from a
>particular host. Here's what the log entry looks like:
>
>Wed, 03/23/2005 13:53:05 - TCP connection dropped - Source:24.88.87.240,
>3307, WAN - Destination:24.88.248.163, 80, LAN - 'Possible Port Scan'
>
>I'm getting lots of these all day long. Does 24.88.87.240 ring a bell
>with anyone? Are there any defensive measures I can take with a basic
>firmware firewall? Would rolling my own Linux firewall give me any good
>options for warding off these port scans?
>
>JKB
>
>
>  
>

-- 
Law of Procrastination:
        Procrastination avoids boredom; one never has
        the feeling that there is nothing important to do.




More information about the TriLUG mailing list