help with port scan

Thread: help with port scan

  1. #1
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252

    help with port scan

    Over the weekend I have seen hundreds of smurf, SYN and ACK scans from an IP address that belongs to AOL. I have taken measures on my end to reduce the threat from this address but the scans are still proceeding.

    I don't want to start attacking that address since it might just be a kid (with no clue) running nmap. Does anyone have a "Nice way" to inform a potential attacker that I know who they are and they should stop their activities?

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Maybe set up a fake telnet using something like netcat.

    When that person tries to telnet, they will get the message:

    "I know who you are, you little fu*&! Stop scanning me!"

    You can even display their IP addy and whatnot, depending on how much you want to script.

    I believe tedob1 or korpdeth had it already made up, instructions and all, sample scripts etc.

    I'll see if I can find them for you.

    Found them. Have a look at these tutorials, modify them to fit your needs.

    NetCat Part I - Tedob1
    NetCat Part II - Tedob1
    NetCat Part III - Tedob1
    NetCat Part IV - Tedob1
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
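
The decoy listener suggested in the post above, as an added example that is not from the thread or the linked NetCat tutorials: it answers each completed TCP connection with a notice containing the caller's IP and keeps a record of the attempt. The port 2323, the notice wording and the function names are assumptions chosen for illustration.

```python
import socket
from datetime import datetime, timezone

# Constructed notice text; {ip} is filled with the connecting address.
NOTICE = "Connections from {ip} are being logged. Please stop scanning this host.\r\n"

def handle(conn, addr, log):
    """Send the notice to one client, record the attempt, close the socket."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "ip": addr[0],
        "port": addr[1],
        "notified": True,
    }
    try:
        conn.settimeout(5)  # never let a silent client hold the listener
        conn.sendall(NOTICE.format(ip=addr[0]).encode("ascii"))
    except OSError:
        entry["notified"] = False  # client reset or vanished before the send
    finally:
        conn.close()
    log.append(entry)
    return entry

def make_listener(host="127.0.0.1", port=2323):
    """Bind a TCP listener; 2323 is an assumed unused, unprivileged port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, port))
    s.listen(5)
    return s

def serve(listener, log, max_conns=None):
    """Accept and answer connections, optionally stopping after max_conns."""
    served = 0
    while max_conns is None or served < max_conns:
        conn, addr = listener.accept()
        handle(conn, addr, log)
        served += 1

if __name__ == "__main__":
    # Only full TCP connects reach accept(); half-open SYN scans and stray
    # ACK probes never complete a handshake, so they show up in firewall
    # logs rather than here.
    attempts = []
    serve(make_listener(), attempts)
```

The `attempts` list holds the timestamps and source addresses that an abuse report to the ISP would need.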

  3. #3
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    If the address is always the same I'd just drop a line to abuse@aol.com

    Otherwise just block the address.

    What OS are you using - Linux by any chance - Use iptables with mirror - that'll fox 'em

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    steve.milner: I've been doing some reading up on mirroring using iptables... you might want to have a look at this, to make sure you're configured properly. Hopefully you've already seen this... but just in case... and for those who are thinking about setting it up.

    http://www.netfilter.org/security/20...22-mirror.html

  5. #5
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    phishphreek80: Thanks for the links. I will check out netcat. I am using MS OS so I might be limited.

    Contacted AOL, no reply. But blocked IP at firewall and bandwidth does not seem to be affected. I'll post an update once I have anything interesting to share.

    Again, thanks for the help

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177


    Sounds like my reply is after the fact, but here goes...

    The other obvious option is to notify your own ISP and see if they will deal with AOL. The response you get from them can vary widely, depending on your provider. I would definitely not attack the IP though...you're right, it could be a kid or a newcomer playing with scanning tools, or it could be someone's grandma with an owned/zombie'd box.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Zencoder - see that little flashing date in the post just above yours? That means this thread has gone stale - yes, you were just over a year late in responding. Please check the dates before you post.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
