Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Ask Slashdot: How to deal with persistent and incessant port scanner

jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company?

I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.

But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgement and zero action.

So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.

I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely.

This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect.

So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.

Comment Re:Duh (Score 1) 189

Yeah, cause its never happened to anyone else before...

Last fall, Apple released their App Store Approval Guidelines. The relevant guideline—the only place where the word "duplicate" appears in the guidelines—is quoted on Stackoverflow:

Apps that duplicate apps already in the App Store may be rejected, particularly if there are many of them, such as fart, burp, flashlight, and Kama Sutra apps.

If you were to write and submit your own app that connected to Dropbox, it might get rejected. Given the number of third-party Facebook apps and Twitter clients still available on the App Store, however, I think that unlikely.

Plus there's no no shortage of web browsers on the App Store.

I feel pretty good about Dropbox never being pulled for "duplicating functionality."

Comment Re:Amazon did it (Score 5, Insightful) 338

Whereas Apple is relying on their lock-in to the "we get a cut of the action, see" iTunes store. It is a tried and true method.

Except iOS devices aren't loss leaders for Apple. Apple makes a negligible amount of profit off of its App Store. The bulk of Apple's profit comes from every device that goes out the door—whether it's paid for by you or by a combination of you and your mobile carrier.

Comment Re:Interesting (Score 1) 327

[...] it doesn't seem reasonable to me to expect other companies to delay their work out of respect while Apple keeps on doing their work out of respect.

Who expected other companies to delay their work? Apple clearly didn't.

Slashdot Top Deals

Ever notice that even the busiest people are never too busy to tell you just how busy they are?

Working...