> > im getting this kind of things about 2 or 3 times a week...
> > with some netbus and bo try.
> >
> > i sent lot of emails to their isp but still receive 2 or 3 attack per
> > week from other ips...
> >
> > what should i do?, is there a way to protect me against this? currently i
> > have fakebo.
> >
> > Benoit Joly
> >
>
> You can not prevent your system from being scanned, all you can do is
> control what is learned from the scan. It is not a crime, as far as I
> know, to simply attempt connections to a machine on the public internet.
We (as a ISP) do report portscans to the provider of the scanner. And
almost always we get the reply that the scanner has been warned or
someting similar. A portscan can only be used for criminal actions, so
providers do see is as a crime.
Groetjes, Ookhoi
> First thing I would do is only have ONE machine exposed directly to the
> internet. Use this machine as a firewall/gateway for all the other
> machines. Turn off all services on this machine that you are not using.
> Carefuly plan and put into place a set of packet forwarding / masquerading
> rules for traffic between your internal protected network and the public
> internet. For services that you wish to provide to outside hosts, make a
> separate network different from the internal network. This is commonly
> called a "DMZ" in network documents.
>
> So your internet firewall / gateway will probably have THREE interfaces if
> you wish to provide public access to some services:
>
> 1. The interface to the external internet.
> 2. The interface to the private local network.
> 3. The interface to the internal network with public services (www,
> ftp, mail, news, etc.)
>
> The whole world can access certain ports in your public access net ( 80,
> 21, 23, 25, 119, etc) Nobody in the outside world has direct access to
> your internal net. Nobody on the public access net has access to your
> internal net and your internal net has access to everything.
