Become a fan of Slashdot on Facebook


Forgot your password?

Submission + - Ask Slashdot: How to deal with persistent and incessant port scanner

jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company?

I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.

But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgement and zero action.

So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.

I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely.

This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect.

So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.

Comment Re: Cracked solder joint (Score 1) 226

Planes at cruise altitude and speed often fly pretty close to 'coffin corner' where stall speed and transonic conditions intersect.

That is, the air is so thin that they need to fly fast to maintain lift, but if they fly too fast parts of the wing will start exceed the speed of sound at that altitude, which makes a plane that's not designed for it very tough to control.

And stall recovery of a large commercial jet aircraft can soak up tens of thousands of feet of altitude, so if the crew was distracted, or a particular reset/restart took a while, well, that's a problem.

Comment Re:About that 911 thing.... (Score 1) 284

You're not getting the scale of things. Corporate security in this situation sounds like the right ones to call. I say "security", but I presume that they are more than that and have trained responders + equipment, which it would appear from the article that they do.

If I call 000 while I'm at work here in Australia, they can't do diddly-squat. I work at a mine site, with some 100km of underground tunnels and 'official' emergency services are 15 kilometers away down the highway. I do however have access to a couple of paramedics who are onsite and reasonably familiar with the mine if I dial '2222'. I also have access to about 20 trained emergency management personnel, as well as a team of mine rescue workers who regularly win awards in state and national competitions. We are a world unto ourselves - such is the legislation around mining that police can't enter the site without an escort by personnel, they can knock on the front door and ask nicely to come in, like everyone else.

Amazon, with their large warehouses, are in a similar position. Sure, get security to call 911 after they've sent the internal guys to assess and stabilise you - the outside guys can carry on and transport you to hospital. But a speedy response saves lives, so always get the local guys on site first.

Comment Re:No hardware or software fault? (Score 1) 80

If you asked me, such an handling mistake should be catched by the on-board software and handled properly (which means telling the operator right away to RTFM).

Well, that's what happened. Commands were sent, probe responded with a WTF!? and halted, people double-checked things - Oh, there's the problem, probe was reset back to normal.

Unfortunately, the round-trip time to the probe is nearly 9 hours, and nobody wants to be that guy that broke it good and proper, so they double check everything before replying, maybe even testing with hardware back here first. So these things take a while to sort out.

It's better to do that than to accidentally overwrite your antenna-pointing code with a software update for battery management, like JPL did with Viking 2.....

Submission + - Reddit is going dark after new CEO fires key employee. (

GNUALMAFUERTE writes: At approximately 5pm UTC, 1pm EST, on Thursday the 2nd of July, 2015, the moderators of /r/IAmA took their subreddit, which is one of the default set, private, making it for all intents and purposes shut down. Just after that, a thread was posted to another subreddit, /r/outoftheloop, asking whether anyone knew why it had happened. User /u/karmanaut, top mod of /r/IAmA, responded explaining that Victoria Taylor, Reddit's Director of Talent had been fired without notifying any of the subreddits that depended on her work. Victoria was a moderator of many default subs, and essentially the main contact between the moderators and the admins.

After Reddit's employees refused to comment on the issue, most other default subreddits, including /r/AskReddit , /r/Books , /r/science , /r/Music , /r/gaming , /r/history , /r/Art , /r/videos , /r/gadgets , /r/todayilearned , /r/Documentaries, /r/LifeProTips and /r/movies decided to do the same in solidarity with r/IAMA, effectively shutting down 90% of Reddit.

This thread in /r/outoftheloop has more information, and updates will be posted there.

Comment Re: Wouldn't the new cells have the same diseases? (Score 5, Informative) 40

In most cases they would, the thinking is that once you can grown custom neurons outside of the body, you can also modify them to be resistant to or able to reverse the disorder. For example, what if you could re-engineer normal neurons from a patient with Huntington's disease. Injecting them back in, maybe they would replace some of the dying neurons and at least diminish the effects of the disease. If you could engineer glial cells that can properly transport beta-amyloid or are hyper effective at it, maybe they can compensate for cells that can't and slow down the progression of Alzheimer's to push it back beyond reasonable human lifespans. The other key idea is now you have a way of producing cells that carry the disease genes without having to cut open someone's brain to get at them. This is one of the first necessary tools to study and develope new treatments to fight these diseases for which no human-derived models exist. This is probably the likliest short term benefit of such technology (ie benefit in 10-20 years rather than 20-50 year timeframe) accelerating the pace of drug discovery.

Slashdot Top Deals

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]