Thread: Am I Being Hacked?

  1. #31
    Phaser's Avatar Member
    Join Date
    Jan 2003
    Location
    Quebec
    Posts
    9
    I suggest that you ban these 2 IPs which keep repeating themselves as "severe" and "critical" attacks. This way you can sleep on your 2 ears and have a laugh about it.
    That way you will never hear about him again!

    Don't go hurry about banning IPs, but when you see the same IP repeating itself very often for critical or severe attacks, don't be shy and make sure he never sees your computer online again!
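
The rule of thumb in post #31, as an added example that is not part of the original thread: count "severe" and "critical" alerts per source IP and list only the addresses that repeat. The log format, the threshold of 3 and the sample addresses are assumptions constructed for illustration; the thread does not name the firewall product.

```python
import ipaddress
import re
from collections import Counter

# Constructed alert lines in a hypothetical "date time SEVERITY src=IP dport=N" format.
SAMPLE_LOG = """\
2004-02-01 17:01:12 CRITICAL src=198.51.100.23 dport=135
2004-02-01 17:01:40 LOW src=203.0.113.9 dport=80
2004-02-01 17:02:05 SEVERE src=198.51.100.23 dport=445
2004-02-01 17:02:30 SEVERE src=192.168.0.1 dport=1900
2004-02-01 17:03:11 CRITICAL src=203.0.113.9 dport=135
2004-02-01 17:03:52 SEVERE src=192.168.0.1 dport=1900
2004-02-01 17:04:20 CRITICAL src=198.51.100.23 dport=135
2004-02-01 17:05:02 SEVERE src=192.168.0.1 dport=1900
2004-02-01 17:05:45 LOW src=198.51.100.77 dport=80
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^\S+ \S+ (?P<sev>[A-Z]+) src=(?P<src>\S+) dport=(?P<port>\d+)$")
BAN_SEVERITIES = {"SEVERE", "CRITICAL"}
# Own-LAN and loopback ranges: never ban your own router or machine.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def ban_candidates(log_text, threshold=3):
    """Return sorted source IPs with >= threshold severe/critical alerts."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["sev"] not in BAN_SEVERITIES:
            continue  # unparsable line or low-severity noise
        try:
            ip = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not a valid address
        if any(ip in net for net in LOCAL_NETS):
            continue  # local traffic (e.g. the router's UPnP chatter)
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    for ip in ban_candidates(SAMPLE_LOG):
        print("block", ip)
```
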

  2. Software & Hardware   -   #32
    Perfect, how do I ban the IP?


  3. Software & Hardware   -   #33
    I clicked on a critical one and backtraced it, and I got this

    I get my internet from Cross Country Cable, could this just be my internet? Should I still ban it?

    EDIT: I also live close to Halifax

  4. Software & Hardware   -   #34
    Poster
    Join Date
    Jan 2003
    Posts
    889
    I scanned the punk ass and here are some interesting ports that came up open:

    1025/tcp open NFS-or-IIS
    5000/tcp open UPnP

    I tried to connect to it on http since IIS was open but 'connection refused'

    this is also weird

    Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
    (The 985 ports scanned but not shown below are in state: filtered)

    huh...dhcp server?

    go to http://www.xcountry.tv/ and the weather box says its in 'kentville, ns'



  5. Software & Hardware   -   #35
    shn's Avatar Ð3ƒμ|\|(7
    Join Date
    May 2003
    Posts
    3,568
    Originally posted by LSA@1 February 2004 - 17:58
    I scanned the punk ass and here are some interesting ports that came up open:

    1025/tcp open NFS-or-IIS
    5000/tcp open UPnP

    I tried to connect to it on http since IIS was open but 'connection refused'

    this is also weird

    Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
    (The 985 ports scanned but not shown below are in state: filtered)

    huh...dhcp server?

    go to http://www.xcountry.tv/ and the weather box says its in 'kentville, ns'


    I hope you're spoofing your IP with those scans. With that many ports being filtered you could be scanning an ISP box, and they do report.

  6. Software & Hardware   -   #36
    Poster
    Join Date
    Jan 2003
    Posts
    889
    Originally posted by shn@1 February 2004 - 18:05
    Originally posted by LSA@1 February 2004 - 17:58
    I scanned the punk ass and here are some interesting ports that came up open:

    1025/tcp open NFS-or-IIS
    5000/tcp open UPnP

    I tried to connect to it on http since IIS was open but 'connection refused'

    this is also weird

    Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
    (The 985 ports scanned but not shown below are in state: filtered)

    huh...dhcp server?

    go to http://www.xcountry.tv/ and the weather box says its in 'kentville, ns'


    I hope you're spoofing your IP with those scans. With that many ports being filtered you could be scanning an ISP box, and they do report.

    No, not spoofing.... would if I knew how!


  7. Software & Hardware   -   #37
    UDP Scan
    IP: 24.222.28.234 Name: dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv Ports detected: 1 (*)
    Port #123 (NTP) .. Reply: DC 00 0A FA 00 00 00 00 00 01 02 90 00 00 00 00 00 00 00 00


    Trace Results
    Hop 16 IP 24.222.79.206 (vl153.hlfx-dr1.eastlink.ca | .CA | Canada)

    Port Scan
    Address : 24.222.28.234
    Name : dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (.TV | Tuvalu)
    Ping .... Ok
    Port 80 ... Ok !
    1 (of 9) open port(s) detected

    I too got connection refused with HTTP

    EDIT..there was more to this post but it didn't come through?????
    Anyways..block the blooming IP address with ya wall...Can't see it having a legit reason to contact you

  8. Software & Hardware   -   #38
    shn's Avatar Ð3ƒμ|\|(7
    Join Date
    May 2003
    Posts
    3,568
    Originally posted by LSA@1 February 2004 - 18:09
    Originally posted by shn@1 February 2004 - 18:05
    Originally posted by LSA@1 February 2004 - 17:58
    I scanned the punk ass and here are some interesting ports that came up open:

    1025/tcp open NFS-or-IIS
    5000/tcp open UPnP

    I tried to connect to it on http since IIS was open but 'connection refused'

    this is also weird

    Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
    (The 985 ports scanned but not shown below are in state: filtered)

    huh...dhcp server?

    go to http://www.xcountry.tv/ and the weather box says its in 'kentville, ns'


    I hope you're spoofing your IP with those scans. With that many ports being filtered you could be scanning an ISP box, and they do report.

    No, not spoofing.... would if I knew how!

    Any Linux version of nmap will practically do it for you if you specify the correct options, like some of the ones below.

    [admin@london admin]$ nmap
    Nmap 3.48 Usage: nmap [Scan Type(s)] [Options] <host or net list>
    Some Common Scan Types ('*' options require root privileges)
    * -sS TCP SYN stealth port scan (default if privileged (root))
    -sT TCP connect() port scan (default for unprivileged users)
    * -sU UDP port scan
    -sP ping scan (Find any reachable machines)
    * -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
    -sV Version scan probes open ports determining service & app names/versions
    -sR/-I RPC/Identd scan (use with other scan types)
    Some Common Options (none are required, most can be combined):
    * -O Use TCP/IP fingerprinting to guess remote operating system
    -p <range> ports to scan. Example range: '1-1024,1080,6666,31337'
    -F Only scans ports listed in nmap-services
    -v Verbose. Its use is recommended. Use twice for greater effect.
    -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
    * -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
    -6 scans via IPv6 rather than IPv4
    -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
    -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
    -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
    -iL <inputfile> Get targets from file; Use '-' for stdin
    * -S <your_IP>/-e <devicename> Specify source address or network interface
    --interactive Go into interactive mode (then press h for help)
    Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
    SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

  9. Software & Hardware   -   #39
    Poster
    Join Date
    Jan 2003
    Posts
    889
    Originally posted by shn@1 February 2004 - 18:28
    Any linux version of nmap will practically do it for you if you specify the correct options like some of the ones below.

    [admin@london admin]$ nmap
    Nmap 3.48 Usage: nmap [Scan Type(s)] [Options] <host or net list>
    Some Common Scan Types ('*' options require root privileges)
    * -sS TCP SYN stealth port scan (default if privileged (root))
    -sT TCP connect() port scan (default for unprivileged users)
    * -sU UDP port scan
    -sP ping scan (Find any reachable machines)
    * -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
    -sV Version scan probes open ports determining service & app names/versions
    -sR/-I RPC/Identd scan (use with other scan types)
    Some Common Options (none are required, most can be combined):
    * -O Use TCP/IP fingerprinting to guess remote operating system
    -p <range> ports to scan. Example range: '1-1024,1080,6666,31337'
    -F Only scans ports listed in nmap-services
    -v Verbose. Its use is recommended. Use twice for greater effect.
    -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
    * -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
    -6 scans via IPv6 rather than IPv4
    -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
    -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
    -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
    -iL <inputfile> Get targets from file; Use '-' for stdin
    * -S <your_IP>/-e <devicename> Specify source address or network interface
    --interactive Go into interactive mode (then press h for help)
    Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
    SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

    Is it this one: * -sS TCP SYN stealth port scan (default if privileged (root))?

    I should read my attachment!

  10. Software & Hardware   -   #40
    shn's Avatar Ð3ƒμ|\|(7
    Join Date
    May 2003
    Posts
    3,568
    The Art of Port Scanning doc is already probably on your system.

    file:///usr/share/doc/nmap-3.48/nmap_doc.html you can paste that into a browser and it will come up.

    Your version might be different; if so, you can alter that.

    And no, it's not the -sS. It's going to be more than just one option passed to it for an undetectable scan. The decoy option works as well.
