Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Ask Slashdot: How to deal with persistent and incessant port scanner

jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company?

I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.

But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgement and zero action.

So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.

I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely.

This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect.

So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.

Comment Re:The steady slide to Police State continues (Score 1) 1123

In an ideal world, I'd like to believe that officers would call out their buddies who engage in unethical behavior. But I do realize that is, indeed, just human nature.

However, I also know that when I see my coworker running a server on the side, watching youtube videos, or whatever else might get him fired, I'm probably going to give him the heads up that what he's doing probably isn't the best thing if he wants to stay employed. When the manager finally catches him, I'm not going to stand up and say "but you don't understand our jobs" and try to actively cover for him so he doesn't get fired. If someone from another department starts talking about it, I'm not going to try to defend the behavior.

This is where I have a problem with the argument about how I can't judge all officers by the acts of a few. Ordinarily, I'd say that's so. However, when they do such a piss poor job of policing themselves and such a good job of backing your buddies even when they're caught on tape egregiously violating their code of ethics or someone's civil rights, then I am going to lump everyone in the same group.

Basically, there's a difference between "ratting out your work buddies" and "covering up for and backing your buddies even after they've been caught and the manager is threatening to fire them". The former is unfortunate, but expected. The latter is unacceptable and makes you complicit.

Comment Please don't cripple the iPhone (Score 2, Interesting) 70

If this automatically redirects the iPhone to the wikipedia mobile site, I hope that there will be an easy link to click back to the "real" fully enabled site.

I am extremely tired of websites suddenly realizing that the iPhone is a cell phone and immediately redirecting me to the "useful" mobile site, which is usually optimized for WAP devices. Even worse, the majority of them do not allow you to access the fully enabled site in any way, shape, or form. Look, I can understand that some iPhone users would prefer to see the WAP site. However, one of the selling points of the iPhone for me is that it has a web browser that allows me to navigate and read any site. Please allow me to keep using the full functionality of the iPhone and your website and quit trying to dumb it down for me.

Slashdot Top Deals

Memory fault -- Oh dammit, I forget!