On Thu, 12 Feb 2004 11:12:53 -0500
Dragoncrest <[EMAIL PROTECTED]> granted us these pearls of wisdom:

>       For the past couple of days I've had someone on our lan port scanning my 
> box.  Not sure what's up with that, but I'm curious if there's a way to log 
> what IP address this is coming from.  I don't have IPFW enabled yet as I 
> haven't had the time to configure it at this point as it's currently behind 
> the company firewall on our T3.  Is there a way to log where it's coming 
> from?  Or is that already being logged somewhere?

I wonder if you might get some benefit from a couple of simple IPF rules
and a quick portsentry install. 


pass in log on interface0 from any to any
pass out log on interface0 from IP to any

with the appropriate startup would give you a good idea of the IP
address the scan is comming from. Whether your DHCP server admin will
tell you who that address is is a different matter.



[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to