At 07:28 AM 5/14/01 +0000, you wrote:
>On Mon, 14 May 2001 10:06:42 +1200, you wrote:
>
> >>     Your unauthorized port probing has been detected.
> >>     Your ISP will be notified within the next 12 hours.
> >>
> >>Even if I never get around to checking the logs (very unlikely), I can
> >>just imagine the sweating they'd do for the next couple of days!  ;)
> >
> >Set in dnews.conf
> >         nntp_logoff Your unauthorized port probing will be reported to
> >your ISP...
>
>May I suggest a better method against port-probing ?
>
>If Dnews would get an option to reject all connections outside the
>allowed IP-address range(s), then the user cannot even connect to port
>119. Then all port-sniffers give up.
>This applies to ISP news-servers which can be accessed only from their
>customers.

If you set in access.conf

*:logoff:::*
your.ip.range.*:read,post:::*

Then dnews does reject any user outside your IP ranges.  However this
can only be done after the connection is 'accepted' so a response can
be and is sent.

As someone else has pointed out, the only way to block the connects
before they happen is in the OS filter or in your firewall.

However I agree with your point that the message should not be 'too' rude
as it is likely to be seen by real customers on occasion.

                 ChrisP.
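
Added example, not part of the original message and not dnews code: a minimal Python listener showing why an application-level address check leaves the port visible, since the check can only run after accept() has completed the TCP handshake. The networks, banner text and function names are constructed for illustration.

```python
import ipaddress
import socket
import threading

# Constructed values for illustration; not dnews configuration or output.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LOOPBACK_NETS = [ipaddress.ip_network("127.0.0.0/8")]
LOGOFF_MSG = b"502 Access denied from your address\r\n"
WELCOME_MSG = b"200 news server ready\r\n"


def is_allowed(addr, nets=ALLOWED_NETS):
    """True if the peer address falls inside any permitted network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def serve_once(listener, nets):
    """Handle one client; the address check can only run after accept()."""
    conn, peer = listener.accept()  # TCP handshake has already completed
    with conn:
        conn.sendall(WELCOME_MSG if is_allowed(peer[0], nets) else LOGOFF_MSG)


def probe(nets):
    """Listen on loopback, connect once, return (connected, banner)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)           # do not hang if the client never arrives
    listener.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(listener, nets))
    worker.start()
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
            connected = True  # a port scan records this port as open
            banner = c.makefile("rb").readline()
    finally:
        worker.join()
        listener.close()
    return connected, banner


if __name__ == "__main__":
    print(probe(ALLOWED_NETS))   # client outside the allowed range
    print(probe(LOOPBACK_NETS))  # client inside the allowed range
```

In both cases the connect succeeds; only the banner differs. Making the connect itself fail needs a packet filter in front of the listener, as the message says.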


