Submission Ask Slashdot: How to deal with persistent and incessant port scanner

jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company?

I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.

But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgement and zero action.

So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.

I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely.

This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect.

So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.

Comment Re:The fact none of you care says more about (Score 3, Insightful) 104

I'm betting an absolutely huge majority of traffic on Twitter is completely pointless and inane ... "I'm going to the bathroom", "the poop is coming out", "meeting Bill and Larry for drinks".

This uninformed stereotype of Twitter activity is outdated.

The vast majority of tweets today are links and retweets. Live example, I just looked at the 10 most recent tweets in my stream. The first 9 are links and the 10th is a comment about WeChat.

Comment Re:The death of common sense (Score 3, Insightful) 220

Having the student issue a written apology to the teacher and having him post a simple "obviously this was a joke" tweet seems like it should have handled the situation quite well and made it a learning experience for the student. Engaging the parents early would help ensure it's taken seriously and reinforced at home. No damage done, no lawsuits, no absurdly ignorant police chiefs.

Comment A tough area (Score 0) 220

Based on the facts presented thus far, I don't really see that the school district has a leg to stand on and that police chief needs to head back to night school to brush up on some law basics. Now that teacher; she may have had cause for some sort of civil action against the student, especially if the school did any sort of investigation of her based on the content of the exchange.

If the school wanted to take action here, they should have provided the teacher with lawyers and legal options upon request. If the tweets caused some sort of disruption on their own (frankly, the school district's actions caused more disruption than anything else), only then should they have acted based on the results of an investigation. Here they just seemed to have been lurching about without any sort of plan or clue for how to proceed properly and objectively.

Comment Re:rip-off (Score 1) 296

If it's required by law (e.g. driver's license, medical license, etc) then sure. If it's an IT cert, then it's absurd. And if the justification is that some contract requires it, then fire the asshole who wrote and/or signed that contract.

I understand that people place differing levels of confidence in certs and I don't begrudge them that. I disagree that IT certs mean much, but others think they're more useful. Where my strong objection comes in is holding that over somebody's head and bringing in auditors to shitcan everyone (regardless of how good a job they're doing) because some useless piece of paper expired.

Only way I'd ever take a job at a place like that is if the annual salary was enough for me to retire on. That way, even if they shitcanned me the day the cert expired, I'd be set for life anyway. And I'd still go in every day thinking to myself "fuck this place". They certainly would never get my best work, which only comes when I'm pouring my heart and soul into the work I'm doing to build something I can be proud of.

Comment Re:rip-off (Score 3, Insightful) 296

Then they were better off for it. Any place that'll pull that kind of bullshit without regard for knowledge, skill, and work ethic (Hell, any place without regard for treating its workforce like human beings instead of numbers) isn't a healthy place to work anyway. I don't care if they're starting you at $250k; without any sense of job security, you go in each day and go to bed each night wondering if you'll have a job tomorrow.

That's no way to live. Fuck that place.
