Slashdot Mirror


How Do You Handle Portscanning Attacks?

Kainaw asks: "I tried to submit this earlier, but I couldn't because I had no bandwidth available. The reason is simple: I use Comcast for cable Internet. My modem/router is portscanned constantly. Nothing makes it past the router, so everyone tells me that it isn't an issue. Well, it is when I can't access any webpages, get email, or even submit a simple article to Ask Slashdot because my entire bandwidth is eaten up by script kiddies with a new portscanner toy. This is a two-part question: First, can anything be done with a simple at-home modem/Linksys router/two computer setup to stop a portscanning attack? Second, is it possible for the Linksys router to become a 'bot' and actually be the originator of much of the traffic?"

7 of 140 comments

  1. Here's a suggestion... by TripMaster+Monkey · · Score: 4, Funny


    Got the IP addys of your tormentors?

    Post them here!

    I'm sure some of us could persuade these kids that port scanning is bad for your health...

    ^_^

    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Here's a suggestion... by HTL2001 · · Score: 2, Funny

      slashdot:
      Faster than a gag order, more powerful than a botnet

      I probably horribly mangled that quote, but whatever

      --
      By reading this, you have given me brief control of your mind.
    2. Re:Here's a suggestion... by lscoughlin · · Score: 2, Funny

      All Right!!!

      I'm going to so end that sucker right now, I've got it all loaded up and I'm about to hit the ent

      --
      Old truckers never die, they just get a new peterbilt
  2. Answers. by irc.goatse.cx+troll · · Score: 3, Funny

    Basically, no. End users are the scum of the internet, no ISP really cares what happens to you as long as you pay the bill. If you don't, they don't care because others will.
    Your best bet would be to detect the port scan (e.g., >5 sequential connections from the same host, or >15 nonsequential ones) and nullroute it so they get no response at all.
    Of course they can get around that, but if you're avoiding the common drones it doesn't matter.

    Second off, it's not an attack, it's just trying to get more information on you. Calling it an attack makes it sound bad, which further scares away the masses (who then get to vote on this stuff). If your ISP didn't limit your upstream so much you wouldn't even notice it. nmap running in standard mode doesn't use nearly as many packets or as much bandwidth as my ISP flooding me with arp who-has packets to see who's on.

    Side note: be careful with whatever you do. Last time I found out a friend of mine ran a stupid Windows firewall that would automatically firewall anything that portscanned him, I spoofed a scan from his DNS, then after I had fun watching him wonder why he couldn't resolve anything, I spoofed one from his gateway.
    Automated dropping is dangerous.

    --
    Pain lasts, kid. It's how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
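
The detection rule from the comment above (more than 5 sequential or more than 15 nonsequential connections from one host), together with its warning that automated dropping is dangerous, as an added example that is not part of the thread. The log format, addresses and the `NEVER_BLOCK` allowlist are constructed assumptions; the nullroute command is only printed, not run.

```python
import re
from collections import defaultdict

# Thresholds from the comment; "sequential" is read as consecutive port numbers
# and the whole sample as one time window (both assumptions of this example).
SEQ_LIMIT, DISTINCT_LIMIT = 5, 15
# Never auto-block these: scan sources can be spoofed. Constructed addresses.
NEVER_BLOCK = {"192.0.2.1", "192.0.2.53"}  # gateway, DNS resolver
LINE = re.compile(r"SRC=(\S+) .*?DPT=(\d+)")

def _line(src, port):  # builds one constructed, iptables-LOG-like line
    return f"IN=eth0 SRC={src} DST=192.0.2.10 PROTO=TCP DPT={port}"

SAMPLE_LOG = (
    [_line("203.0.113.7", p) for p in range(20, 27)]            # 7 consecutive ports
    + [_line("198.51.100.9", p) for p in range(1000, 1032, 2)]  # 16 scattered ports
    + [_line("192.0.2.53", p) for p in range(1, 11)]            # "scan" claiming to be DNS
    + [_line("198.51.100.20", p) for p in (80, 443, 8080)]      # ordinary traffic
)

def longest_run(ports):
    """Length of the longest run of consecutive port numbers."""
    best = run = 0
    prev = None
    for p in sorted(ports):
        run = run + 1 if prev is not None and p == prev + 1 else 1
        best = max(best, run)
        prev = p
    return best

def classify(lines):
    """Return {src: 'block' | 'review'} for sources over either threshold."""
    ports = defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if m:
            ports[m.group(1)].add(int(m.group(2)))
    verdicts = {}
    for src, seen in ports.items():
        if longest_run(seen) > SEQ_LIMIT or len(seen) > DISTINCT_LIMIT:
            verdicts[src] = "review" if src in NEVER_BLOCK else "block"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify(SAMPLE_LOG).items()):
        # Allowlisted sources only raise an alert; others get a blackhole route.
        action = f"ip route add blackhole {src}/32" if verdict == "block" else "alert only"
        print(src, verdict, action)
```
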
  3. Re:One question... by Fox_1 · · Score: 4, Funny

    One question... (Score:0) by Anonymous Coward on Wednesday June 15, @01:24PM (#12826733)
    If your computer is connected to the internet through a Linksys/whatever router, how do you know you're being portscanned?

    It's like a horror movie: The ISP said that there were no outside connections. The Zombie is in the house with you! Get out, do you hear me? Get out now.

    --
    The rock, the vulture, and the chain
  4. Re:Contact Comcast by cpeterso · · Score: 2, Funny


    I'm at work, but even I know the IP address of my Comcast cable modem is 127.0.0.1. Bring the script kiddieZ!!1!

  5. Re:Sounds more like a DoS to me by moyix · · Score: 2, Funny

    Hmm, I've never needed anything so fancy.

    ifconfig eth0 hw ether b0:0b:b0:0b:b0:0b
    always did the job just fine.