:> By the way, I see frequent few port scans from people looking for :> open news servers! And that is on a system that doesn't run a :> news server at all. While I don't see that as a security problem, :> I am puzzled since it never happened before the first week of :> October. : :I've noticed the same thing quite regularly. Particularly to the machine :I use to post to newsgroups. They don't get anything but a RST here :though :) What really seems to draw people to a news server is the Freenix list of the Top-1000-propagating news servers: http://www.freenix.fr/top1000/ For various reasons awhile back, I ended up changing the Path: headers on a news feeder system I was helping a client with. So, instead of: Path: news1.foo.bar it would emit: Path: news1.foo.bar!news2.foo.bar Since news1.foo.bar propagated well enough to be on Freenix, when news2.foo.bar cropped up on the list, it got listed on Freenix as well. news2.foo.bar's NNTP port didn't get many hits from scanners even though it was exposed in the Path: headers. Then the Freenix list came out, and whammo... lots of outsiders trying to read news off my news transit box. In retrospect, I probably should've put a tar baby nnrpd on the system to see what they were interested in. I was intrigued by the number of people who'd connect from sites that appeared to have decent-enough news servers, and it was clear that most were hitting _just_ my NNTP port as opposed to a general purpose portscan. But "lack of free time" prevailed and I never did so. -- Michael J. O'Connor | WWW: http://dojo.mi.org/~mjo/ | Email: [EMAIL PROTECTED] InterNIC WHOIS: MJO | (has my PGP & Geek Code info) | Phone: +1 248-848-4481 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "Never tell me the odds!" -Han Solo - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
