From: Rick on
I have 1 ftp server and 3 simple pc's.
Only the ftp server gets "port scanned".
How do they know to scan that one?

From: Moe Trin on
On Sun, 21 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
article <hlrirp$grn$5(a)news.eternal-september.org>, Rick wrote:

>I have 1 ftp server and 3 simple pc's.
>Only the ftp server gets "port scanned".
>How do they know to scan that one?

They don't. Are all four systems equally visible from the world?
Does each one have its own `world reachable' IP address? Are they
all in the same range of IP addresses, in the same facility? Are
they all using the same version operating system? Are all of them
equally active? Are all of them equally `clean'? Work stations
generally don't offer services to the Internet, but if you are
offering FTP service to the world, more people know about the
server than the non-serving systems. It's something obvious that
you aren't thinking about.

Old guy

From: Rick on
Moe Trin wrote:
> On Sun, 21 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
> article <hlrirp$grn$5(a)news.eternal-september.org>, Rick wrote:
>
>> I have 1 ftp server and 3 simple pc's.
>> Only the ftp server gets "port scanned".
>> How do they know to scan that one?
>
> They don't. Are all four systems equally visible from the world?
> Does each one have its own `world reachable' IP address? Are they
> all in the same range of IP addresses, in the same facility? Are
> they all using the same version operating system? Are all of them
> equally active? Are all of them equally `clean'? Work stations
> generally don't offer services to the Internet, but if you are
> offering FTP service to the world, more people know about the
> server than the non-serving systems. It's something obvious that
> you aren't thinking about.
>
> Old guy

There is 1 external, non-static IP ==>modem==>router(DMZ)==>SonicWall==>
linux FTP server, windows xp3, windows xp3.

The latter all use LAN ip addresses of course.

Since any ftp "user" would have to know the secret handshake I am
wondering how the Chinese and the Koreans know about the ftp server!

- just curious


From: Rick on
note that
192.168.1.205
is the address of the sonicwall from the router and is not the LAN
address of the ftp server.


From: Moe Trin on
On Sun, 21 Feb 2010, in the Usenet newsgroup comp.security.firewalls, in
article <hlrvgm$66h$1(a)news.eternal-september.org>, Rick wrote:

>Moe Trin wrote:

>> Rick wrote:

>>> I have 1 ftp server and 3 simple pc's.
>>> Only the ftp server gets "port scanned".
>>> How do they know to scan that one?

>> They don't. Are all four systems equally visible from the world?
>> Does each one have its own `world reachable' IP address?

>There is 1 external, non-static IP ==>modem==>router(DMZ)==>SonicWall==>
>linux FTP server, windows xp3, windows xp3.

One external address -> several systems. How is the SonicWall told
to route packets? Send them equally to all systems? Of course not.
Obviously it's not going to send packets for port 20-21/ftp to the
workstations, because that's not where the FTP server is. So look at
the way you've configured the SonicWall.

>The latter all use LAN ip addresses of course.

So it's all the SonicWall that's deciding how to route packets.

>Since any ftp "user" would have to know the secret handshake I am
>wondering how the Chinese and the Koreans know about the ftp server!

Unlikely that they do - they're scanning the entire external IP
range - perhaps as widely as 1.0.0.1 to 222.255.255.254 looking to
see "what is there". Linux server - do you have nmap installed?
The man page is extensive, and there's probably a lot more
documentation in /usr/share/nmap*/. They scan your address - let's
say it's 192.0.2.11 on the external side, and your SonicWall forwards
those packets to....

>- just curious

Do you intend to offer FTP service to every IP address in the world, or
are you only intending to offer to North America, Pennsylvania, or
New York City? IP addresses are not allocated/assigned in a simple
manner arranged for convenient filtering. For example, the IPv4 address
range 130.0.0.0 - 130.255.255.255 is allocated/assigned to 228 networks
in ten countries from New Zealand and Japan through Europe (Denmark and
France) to North America (Canada and USA). See
http://www.iana.org/assignments/ipv4-address-space for regional clues.
As of the 15th, there were 3007 million IPv4 addresses in 228 countries
in 100341 IP blocks.

Old guy
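
The forwarding argument in the replies above, as an added example that is not part of the original thread: a small model of one scanner sweeping a whole address block, showing that only the host behind a forwarding rule ever sees a probe. The LAN addresses, host names and the single 20-21/tcp forwarding rule are assumptions; 192.0.2.11 and 192.168.1.205 are the addresses mentioned in the thread.

```python
import ipaddress
from collections import Counter

EXTERNAL_IP = "192.0.2.11"       # example external address used in the thread
SONICWALL_WAN = "192.168.1.205"  # SonicWall's address as seen from the router (from the thread)
FTP_SERVER = "10.0.0.10"         # hypothetical LAN address; the thread does not give one
# Assumed SonicWall forwarding rules: (protocol, first port, last port, internal target).
FORWARDS = [("tcp", 20, 21, FTP_SERVER)]
LAN_HOSTS = {FTP_SERVER: "linux-ftp", "10.0.0.21": "xp-1", "10.0.0.22": "xp-2"}


def route_inbound(proto, dst_ip, dst_port):
    """Follow one unsolicited inbound packet; return (last hop that saw it, LAN host or None)."""
    if dst_ip != EXTERNAL_IP:
        return ("elsewhere", None)           # some other Internet host, not this site
    # Router "DMZ" setting: every unsolicited packet is handed to the SonicWall.
    for f_proto, lo, hi, target in FORWARDS:
        if proto == f_proto and lo <= dst_port <= hi:
            return (SONICWALL_WAN, target)   # forwarded to the internal server
    return (SONICWALL_WAN, None)             # no rule, no connection state: dropped here


def sweep(cidr, ports):
    """Constructed sample input: the probes of one scanner sweeping an address block."""
    for addr in ipaddress.ip_network(cidr).hosts():
        for port in ports:
            yield ("tcp", str(addr), port)


def summarize(probes):
    """Count probes sent, probes seen by the SonicWall, and probes delivered per LAN host."""
    sent = at_firewall = 0
    delivered = Counter({name: 0 for name in LAN_HOSTS.values()})
    for proto, dst, port in probes:
        sent += 1
        hop, target = route_inbound(proto, dst, port)
        if hop == SONICWALL_WAN:
            at_firewall += 1
        if target is not None:
            delivered[LAN_HOSTS[target]] += 1
    return sent, at_firewall, dict(delivered)


if __name__ == "__main__":
    # One scanner, 14 addresses, 4 ports: it has no knowledge of any single host.
    sent, at_firewall, delivered = summarize(sweep("192.0.2.0/28", [21, 22, 23, 445]))
    print(f"probes sent: {sent}, reached the SonicWall: {at_firewall}")
    print("delivered to LAN hosts:", delivered)
```

The workstations log nothing because no rule forwards unsolicited traffic to them, not because the scanner singled out the FTP server.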