Jump to content

Someone is port scanning me


Just John
 Share

Recommended Posts

I wouldn't worry about it. Like you said you've got your firewall running. I don't think its possible to gain access to your box, and any secure site you're visiting should have 256 encryption, and I believe all browsers offer 128 bit encryption. I could be wrong though. Take what I say with a grain of salt, I'm no networking export and I'm far from being a Linux expert.

Link to comment
Share on other sites

Port scanning unfortunately is common on the internet. My firewall picks up port scans all the time - but I know it's not configured for allow any incoming connections. My firewall also blocks their IP after three tries of scanning.

 

I'd be more worried if you found them trying to get in on specific ports. Just make sure you've got nothing listening for incoming connections.

Link to comment
Share on other sites

You should be worried if someone is scanning certain ports repeatedly. Otherwise, you should just be cautious and check the log file now and then. If you are unsure if someone really hacked you, you should check for a root-kit.

Link to comment
Share on other sites

I doubt you have many ports open unless you run servers. To check what ports your computer is listening to, run netstat -tan.

 

It is a good idea to edit hosts.deny and hosts.allow to deny remote access to all services/ports, except for those you explicitly want to be open, eg, port 22 for secure shell access. Even after that you can add an extra line of defense by limiting the number of unsuccessful (read unauthorized) login attempts from a particular host (read bot), say to 3. Take a look at denyhosts. When run as a daemon, it monitors the security logs. If an IP address attempts to gain an access to your computer for 3 or more times in a row, that address will be added to the hosts.deny file for good. It will never bother you again.

Link to comment
Share on other sites

Umm, interesting thread I find. Digging a bit I found the interactive firewall cong in drakconf. Using nmap is easy but apparently not that complete!

 

I've read a bit in a magazine about Nessus and gave it a try, pretty powerful.It will scan an IP, then sum-up the dangers of opened ports on that specific machine as well as give advice on how to protect it.

 

I had a machine lightly protected on my network and it said that despite being protected it managed to id the PC and scan the ports. I am quite impressed by that.

 

To get the nessus GUi one has to install the gtk package. Also before fireing it up one needs to do nessus-adduser and give a password.

 

GOOD LUCK!

 

Stef

Link to comment
Share on other sites

eg, port 22 for secure shell access.
If you are using ssh, it's probably a good idea to configure it to run on a port other than 22 (a non-reserved port, obviously) as this will cut down on brute force attacks - automated brute force scripts rarely do a scan before trying to connect to ssh, so they just hit the default port and if nothing is there move on.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...