How Do You Handle Portscanning Attacks?
Kainaw asks: "I tried to submit this earlier, but I couldn't because I had no bandwidth available. The reason is simple: I use Comcast for cable Internet. My modem/router is portscanned constantly. Nothing makes it past the router, so everyone tells me that it isn't an issue. Well, it is when I can't access any webpages, get email, or even submit a simple article to Ask Slashdot because my entire bandwidth is eaten up by script kiddies with a new portscanner toy. This is a two-part question: First, can anything be done with a simple at-home modem/Linksys router/two computer setup to stop a portscanning attack? Second, is it possible for the Linksys router to become a 'bot' and actually be the originator of much of the traffic?"
Unfortunately, I'm at work, so I have no clue what the IP address is.
You mean you can't ssh into your home box from the office.
Loser.
I think the right question is "how should I handle my bandwidth being eaten up?" and a lot of people have responded in a good manner. Verify the source, send logs. Additionally, cut down on promiscuous activity (IRC on some servers, or some channels), some multiplayer games, etc. Generally, if you're smart enough to be doing that kind of stuff, you recognize that it's promiscuous.
One of my favorite stories was how I dealt with port scanners in college in 1996. I had an unswitched 10baseT in my dorms. Password sniffers and hackers were everywhere. I was getting constantly scanned. So, I set up an entry in init.d which launched a counter-offensive if someone went after my finger or name service ports. Everyone who knew me knew that I didn't run either service, so that left the ignorant masses with less than honorable intentions. I'd picked out some effective attacks, mostly against Windows machines. The scans slowed down a great deal after I put in my countermeasures.
When I got to grad school, I moved into an apartment with a cable modem (one of the first markets in the US). Without thinking, I left my countermeasures up. Our sysadmin ran some automated portscans to verify that his customers weren't running open mail relays, IRC servers or name servers (upload hungry services). One day, the cable modem lost its signal. My system logs showed three port scan attempts. Each of them stopped after the first countermeasure-enabled port was hit, and after the third countermeasure we lost our cable modem. I had to discuss the situation with the admin before being allowed to use the cable modem again. He was irked, but audibly amused.
So I simplified my countermeasure to just respond to every finger attempt with a finger against the opponent. Shortly after that, I learned our admin was paged every time his scanner computer was fingered...
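The "verify the source, send logs" advice from the comments above, as an added example that is not part of the thread: a summarizer that groups dropped-packet log lines by source so a sweep across many ports can be told apart from repeated hits on one port before anything is sent to the ISP. The netfilter-style log format, the `min_ports` threshold, the function names and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in Linux netfilter LOG style (an assumed format, not from
# the thread); all addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jun 12 03:14:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=21
Jun 12 03:14:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22
Jun 12 03:14:02 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=23
Jun 12 03:14:02 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=6881 DPT=6881
Jun 12 03:14:03 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=25
Jun 12 03:14:03 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40116 DPT=80
Jun 12 03:14:04 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=6881 DPT=6881
Jun 12 03:14:04 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40117 DPT=110
Jun 12 03:14:09 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=6881 DPT=6881
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}).*?SRC=(?P<src>[\d.]+)"
                     r".*?PROTO=(?P<proto>\w+).*?DPT=(?P<dpt>\d+)")

def summarize(log_text, min_ports=5):
    """Per-source summary; min_ports or more distinct ports counts as a scan."""
    seen = defaultdict(lambda: {"ports": set(), "hits": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # lines without a destination port (e.g. ICMP) are skipped
        entry = seen[m["src"]]
        entry["ports"].add((m["proto"], int(m["dpt"])))
        entry["hits"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    rows = [{"src": src, "hits": e["hits"], "ports": sorted(e["ports"]),
             "first": e["first"], "last": e["last"],
             "kind": "port scan" if len(e["ports"]) >= min_ports else "repeated hits"}
            for src, e in seen.items()]
    return sorted(rows, key=lambda r: (-len(r["ports"]), r["src"]))

def abuse_report(rows):
    """Text block for an abuse contact, listing only the sources flagged as scans."""
    return "\n".join(
        f"{r['src']}: {r['hits']} dropped packets to {len(r['ports'])} ports, "
        f"{r['first']} to {r['last']}" for r in rows if r["kind"] == "port scan")

if __name__ == "__main__":
    print(abuse_report(summarize(SAMPLE_LOG)))
```

A source that keeps hitting a single port, like the second address in the sample, is listed as "repeated hits" and left out of the report.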