From: Moe Trin on
On Tue, 23 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
article <hm0uog$1h0$3(a)news.eternal-september.org>, Rick wrote:

>Regis wrote:

>Yes, I know, but I think we should institute our own Fire-Back Bot
>Herd!

Already addressed. Bad idea.

>> Not as long as you might think, and with so many computers,
>> attackers and enterprising blackhats with botnets to distribute
>> the work, it's doable.

>One assumes that IP6 will make such work more difficult!

2/15/2010 23:50 UTC

TOTAL IPv4 3006793288 addresses 100341 networks
TOTAL IPv6 11064.336853 x 10e30 addresses 4377 networks

The _smallest_ IPv6 assignments are four /64s (in the UK, Hong Kong,
Japan and Korea), and each one contains 18,446,744,073,709,551,616
(18.45e18) addresses - about 4.3 billion times all of IPv4 space.
The next larger assignments/allocations are 676 /48s which are 65536
times larger.

Old guy
From: Rick on
Moe Trin wrote:
> On Wed, 24 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
> article <hm32c1$d0n$5(a)news.eternal-september.org>, Rick wrote:
>
>> Moe Trin wrote:
>
>>> Rick wrote:
>
>>>> One more thing however, it only took 15 minutes from the first use of
>>>> the ftp server before these, let's call 'em probes, started. Once upon
>>>> a time (before sonicwall) they would try a username-password script.
>
>>> As for the username-password stuff - be glad you aren't running a
>>> publicly visible SSH server on port 22. They get pounded trying all
>>> kinds of common usernames/passwords.
>
>> So moving to sftp would not help - is that what you're saying?
>
> Depends on what you are doing with FTP. There are tens of thousands
> of FTP sites on the Internet that allow anonymous downloads. I don't
> do windoze, but for Linux, you should be aware of places like ibiblio.org
> (the former sunsite.unc.edu, which was renamed metalab.unc.edu before
> its current rename), 'distro.ibiblio.org' and the site specific to your
> Linux distribution. These sites are giving software/files away, and all
> you need is the username ('ftp' or 'anonymous') and your email address
> as password. Nothing to hide or secure, so FTP is fine.
>
> Other sites restrict access to specific users, and may even allow
> uploads. For this, FTP is less suitable, primarily because the
> username and password go over the net as clear text - visible to
> anyone using a packet sniffer. 'sftp' or similar protocol using
> encrypted networking, is a more robust solution.
>
> Still other sites have even tighter restrictions. For that, one-time
> authentication methods (often involving security tokens like SecurID
> (Security Dynamics Co - now rsa.com) or CryptoCard (cryptocard.com)
> or similar) are more desirable.
>
> It's a bit dated, but see "Practical UNIX and Internet Security, Third
> Edition" by Garfinkel, Spafford, and Schwartz (O'Reilly and Associates,
> ISBN 0-596-00323-4, 984 pgs, Feb. 2003, US$55).
>
> Old guy

Thanks for the info and the reference.

It's clear from logs that they do not know my ftp server is <username>
"anonymous" but requires any email address in the <password> field! So
they keep trying to find the above. So I conclude that they do not
really know much about it. And it has no classified info, ever, so my
concern is strictly theoretical.
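As an added illustration, not code from the thread, here is a small Python parser that runs over constructed vsftpd-style log lines and separates legitimate anonymous logins from the username/password guessing that Rick and Moe describe. The log lines, the documentation-range addresses and the threshold of three failures against named accounts are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed vsftpd-style log lines; the addresses are RFC 5737 documentation
# ranges and the entries were written for this example, not taken from any real server.
SAMPLE_LOG = """\
Thu Feb 25 09:12:01 2010 [pid 4021] [anonymous] OK LOGIN: Client "192.0.2.10", anon password "rick@example.net"
Thu Feb 25 09:12:44 2010 [pid 4025] [admin] FAIL LOGIN: Client "198.51.100.7"
Thu Feb 25 09:12:45 2010 [pid 4026] [administrator] FAIL LOGIN: Client "198.51.100.7"
Thu Feb 25 09:12:47 2010 [pid 4027] [root] FAIL LOGIN: Client "198.51.100.7"
Thu Feb 25 09:12:48 2010 [pid 4028] [test] FAIL LOGIN: Client "198.51.100.7"
Thu Feb 25 09:12:50 2010 [pid 4029] [upload] FAIL LOGIN: Client "198.51.100.7"
Thu Feb 25 09:13:02 2010 [pid 4030] [anonymous] FAIL LOGIN: Client "203.0.113.5"
Thu Feb 25 09:13:09 2010 [pid 4031] [anonymous] OK LOGIN: Client "203.0.113.5", anon password "guest@example.org"
"""

# One vsftpd login record: timestamp, pid, [user], OK/FAIL LOGIN, client address.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<client>[^"]+)"'
)

# Usernames that denote anonymous access (both spellings are conventional).
ANON_USERS = {"anonymous", "ftp"}


def parse_log(text):
    """Yield (user, result, client) for each line that matches the login format;
    lines of other kinds (CONNECT, DOWNLOAD, ...) are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("user"), m.group("result"), m.group("client")


def summarize(text, fail_threshold=3):
    """Aggregate login records per client address.

    A client is labelled "credential-guessing" once it has accumulated
    fail_threshold or more failures against named (non-anonymous) accounts,
    which is the pattern of the username/password scripts described in the thread.
    Clients that only ever use anonymous logins are labelled "anonymous-only".
    """
    stats = defaultdict(lambda: {"ok": 0, "fail": 0, "named_fail": 0, "users": set()})
    for user, result, client in parse_log(text):
        s = stats[client]
        s["users"].add(user)
        if result == "OK":
            s["ok"] += 1
        else:
            s["fail"] += 1
            if user not in ANON_USERS:
                s["named_fail"] += 1

    report = {}
    for client, s in stats.items():
        if s["named_fail"] >= fail_threshold:
            verdict = "credential-guessing"
        elif s["users"] <= ANON_USERS:
            verdict = "anonymous-only"
        else:
            verdict = "normal"
        report[client] = {
            "ok": s["ok"],
            "fail": s["fail"],
            "users": sorted(s["users"]),
            "verdict": verdict,
        }
    return report


def flagged_clients(text, fail_threshold=3):
    """Return, sorted, the client addresses whose activity looks like credential guessing."""
    return sorted(c for c, r in summarize(text, fail_threshold).items()
                  if r["verdict"] == "credential-guessing")


if __name__ == "__main__":
    for client, r in summarize(SAMPLE_LOG).items():
        print(f'{client:15} ok={r["ok"]} fail={r["fail"]} '
              f'users={",".join(r["users"])} -> {r["verdict"]}')
```

Run against a real vsftpd log, the same summary makes the distinction Rick draws from his own logs visible at a glance: a client cycling through admin, root and similar names is a script, while one that only ever logs in as anonymous is using the server as intended, and the former is what a firewall rate limit or a tool such as fail2ban would be keyed on.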


From: Moe Trin on
On Thu, 25 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
article <hm6rsg$d1p$3(a)news.eternal-september.org>, Rick wrote:

>Moe Trin wrote:

>> Depends on what you are doing with FTP.

>> It's a bit dated, but see "Practical UNIX and Internet Security, Third
>> Edition" by Garfinkel, Spafford, and Schwartz (O'Reilly and Associates,
>> ISBN 0-596-00323-4, 984 pgs, Feb. 2003, US$55).

>Thanks for the info and the reference.

Even the second edition (April 1996, ISBN 1-56592-148-8, 1004 pgs) is
good reading and mainly still valid if you find a copy in a used book
store or library. Another good reading source is the HOWTOs from the
Linux Documentation Project. These used to be part of every install
(now put in /usr/share/HOWTO). If you're in North America, try
ftp://ibiblio.org/pub/linux/docs/HOWTO/ (also available as http://)
or http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html. There are 450+
documents (~3.9 million words, ~11,700 pages) there alone - start with

280957 Jan 19 14:15 HOWTO-INDEX
136805 Jan 19 14:15 INDEX

which gives brief descriptions of each one. Another site to look at
is http://www.netfilter.org/documentation/HOWTO/ which has a number of
other howtos relating to firewall techniques using Linux. And yet
another site is http://tldp.org/guides.html which has 47 entire
books available in several formats from raw ASCII, HTML and printer
ready PDFs or postscripts. An example is:

* Securing & Optimizing Linux: The Ultimate Solution

version: 2.0
author: Gerhard Mourani, <gmourani(a)openna.com>
last update: July 2002
available formats:
1. PDF (6.2MB)
2. Example server configuration files (tar file; described in book
as "floppy.tgz").

Mastering security with Linux and getting the maximum out of your
system have never been easier. Securing & Optimizing Linux: The
Ultimate Solution (v2.0) has been written and achieved with
tightening security to an incomparable level in mind. One of its
main features is the easy path from beginning to end in a smooth
manner, step by step for beginners as well as for experts.
More information (and updates) available from:
http://www.openna.com/products/books.php.
older version: Securing and Optimizing Linux Red Hat Edition - A
Hands on Guide

version: 1.3
author: Gerhard Mourani, <gmourani(a)openna.com>
last update: August 2000
available formats:
1. HTML (read online)
2. HTML (tarred and gzipped package, 1.5MB)
3. PDF (4.9MB)
4. Example server configuration files (tar file; described in book
as "floppy.tgz").

All of this is free for your download.

>It's clear from logs that they do not know my ftp server is <username>
>"anonymous" but requires any email address in the <password> field!

1635 How to Use Anonymous FTP. P. Deutsch, A. Emtage, A. Marine. May
1994. (Format: TXT=27258 bytes) (Also FYI0024) (Status:
INFORMATIONAL)

>So they keep trying to find the above. So I conclude that they do not
>really know much about it. And it has no classified info, ever, so my
>concern is strictly theoretical.

Makes you wonder, doesn't it. RFC1635 has been around for 16 years,
but they're sure you've got the good stuff hidden there, and they have
to work to find it. ;-)

Old guy