I know ISPs have the right (by their TOS agreement) to monitor and probe people. I have just started messing with iptables. I'm a Cox.net cable modem user and out of paranoia, I am blocking all IP addresses owned by Cox.net.
I figured out how to get syslog to write the data from iptables to a file and I'm noticing that I'm currently being portscanned by both the "dns" server and the "proxy" server. Both of these are scanning the same ports at the same time. Seeing a lot of stuff from kazaa users was one thing, but what are the cox people up to? Do they scan everyone or just the suspicious users?

What I am seeing is not a scan of specific ports (like their "authorized-scans--xxxx" address used to do on the @home network), but an all-out portscan. They are scanning around the 2800-2900 range (I have only witnessed this range so far, but it is still continuing), one port at a time... (very slowly)

I installed Apache the other day. I'm not interested in running a webserver, but I like to test and debug scripts locally and then upload them. Lord forbid they detected Apache before I could edit the conf files...

-Alex
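
Added example, not part of Alex's post: one way to summarize iptables LOG entries from the syslog file per source address, showing which destination ports each source touched, in what order, and which source ports the packets came from. The log lines, addresses and the `summarize` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG format (fields trimmed).
# Addresses are documentation ranges and the hosts are stand-ins, not data from the post.
SAMPLE_LOG = """\
Mar  3 21:10:01 box kernel: IN=eth0 OUT= SRC=192.0.2.53 DST=198.51.100.7 PROTO=UDP SPT=53 DPT=2801
Mar  3 21:10:01 box kernel: IN=eth0 OUT= SRC=192.0.2.80 DST=198.51.100.7 PROTO=TCP SPT=8080 DPT=2801
Mar  3 21:12:40 box kernel: IN=eth0 OUT= SRC=192.0.2.53 DST=198.51.100.7 PROTO=UDP SPT=53 DPT=2802
Mar  3 21:12:40 box kernel: IN=eth0 OUT= SRC=192.0.2.80 DST=198.51.100.7 PROTO=TCP SPT=8080 DPT=2802
Mar  3 21:15:02 box kernel: IN=eth0 OUT= SRC=192.0.2.53 DST=198.51.100.7 PROTO=UDP SPT=53 DPT=2803
Mar  3 21:15:30 box kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=80
Mar  3 21:15:31 box kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=40113 DPT=80
Mar  3 21:16:00 box kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b(SRC|PROTO|SPT|DPT)=(\S+)")


def summarize(log_text):
    """Per source address: which destination ports were hit, and in what order."""
    seen = defaultdict(lambda: {"dpts": [], "spts": set(), "protos": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "SPT", "DPT"} <= f.keys():
            continue  # no port fields (e.g. ICMP) or not an iptables LOG line
        rec = seen[f["SRC"]]
        rec["dpts"].append(int(f["DPT"]))
        rec["spts"].add(int(f["SPT"]))
        rec["protos"].add(f.get("PROTO", "?"))
    report = {}
    for src, rec in seen.items():
        order = list(dict.fromkeys(rec["dpts"]))  # distinct ports, first-seen order
        report[src] = {
            "packets": len(rec["dpts"]),
            "distinct_ports": len(order),
            "port_range": (min(order), max(order)),
            # True when several ports were hit in steadily increasing order
            "ascending_walk": len(order) > 1 and order == sorted(order),
            "source_ports": sorted(rec["spts"]),
            "protocols": sorted(rec["protos"]),
        }
    return report


if __name__ == "__main__":
    for src, row in sorted(summarize(SAMPLE_LOG).items()):
        print(src, row)
```
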
