Since you already notified them about your existence and interest in their
machine as well, as a precaution I would also add either a firewall rule or
drop route to that IP address where the port scan came from. Of course,
they can use a different IP, which would change the scenario.

I would agree with someone on the list to keep an eye on your machine's
logs. Put this in your /etc/syslog.conf at the end:
#Display everything on the console 8
*.*                             /dev/tty8

and restart syslogd:
/etc/rc.d/init.d/syslog restart

I have a small B&W monitor attached to my firewall machine with logs
displayed on the screen. Very useful.

Also install and run the portsentry utility. In case of a portscan, it will
react in your desired fashion: it fires up a firewall rule against the
offending host, adds a deny rule in 'hosts.deny', etc. You will find it at:
http://www.psionic.com/abacus/portsentry

Good luck,
Denis

>>>>>
On Tue, Apr 17, 2001 at 05:05:36PM -0500, eric clover wrote:
> i just got scanned. i in turn scanned them. this is what i got back.
> are they compromised? (look at the last one)



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
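
The three reactions mentioned in the reply above (firewall rule, drop route, hosts.deny entry), sketched as an added example that is not part of the original post and is not portsentry's own code. It assumes iptables and the net-tools `route` command (an ipchains system needs different rule syntax); the function names, the NEVER_BLOCK allowlist and the sample addresses are constructed. The commands are printed for review, not executed.

```shell
#!/bin/sh
# Hosts that must never be blocked (constructed values): loopback and a
# placeholder gateway. An allowlist keeps an automated reaction from
# cutting off a machine you depend on.
NEVER_BLOCK="127.0.0.1 192.0.2.1"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
# Rejecting anything else also keeps shell metacharacters out of the output.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the block actions for host $1; print nothing and fail otherwise.
block_actions() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    for safe in $NEVER_BLOCK; do
        if [ "$1" = "$safe" ]; then
            echo "refusing to block allowlisted host $1" >&2
            return 3
        fi
    done
    echo "iptables -I INPUT -s $1 -j DROP"   # firewall rule
    echo "route add -host $1 reject"         # drop route
    echo "ALL: $1"                           # line to append to /etc/hosts.deny
}

# Constructed scanner address from the documentation range.
block_actions 203.0.113.45
```
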
