How do you secure your server? I realize this is not something you
can relate in a few words, but IIS is downright dangerous without a
security policy in place.
Anyway, I don't see how they could even see it behind my firewall. As
you can see, the log file indicates that it dropped the scan. And as
I said, when I'm not using it, I'm going to shut it down, even just on the LAN.
There are so many ways to get to a system it's incredible. Now I'm
wondering about TIVO. I have a TIVO box on my network, and I wonder
how secure that is. They send messages to it, and I can set up
programming on-line. The phone line is disconnected.
From my understanding TIVO is a Linux box. A friend of mine is an
engineer and he enjoys hacking anything. His current interest is
TIVO, and it will be interesting to see what he does with this.
At EST 06:43 PM 12/1/2005, - Russ Blakeman duly noted:
Looks more like an auto scanner found it and is trying to ping it for use as a pass thru for mail. China and Taiwan are full of those stupid things.
> -----Original Message----- > From: computertalkshop-bounce@xxxxxxxxxxxxx > [mailto:computertalkshop-bounce@xxxxxxxxxxxxx]On Behalf Of Ross Nelson > Sent: Thursday, December 01, 2005 4:07 PM > To: computertalkshop@xxxxxxxxxxxxx > Subject: [CTS] Re: Scanned > > > Something's telling me it's not a search engine. > > OrgName: Asia Pacific Network Information Centre > OrgID: APNIC > Address: PO Box 2131 > City: Milton > StateProv: QLD > PostalCode: 4064 > Country: AU > > ReferralServer: whois://whois.apnic.net > > NetRange: 202.0.0.0 - 203.255.255.255 > CIDR: 202.0.0.0/7 > NetName: APNIC-CIDR-BLK > NetHandle: NET-202-0-0-0-1 > Parent: > NetType: Allocated to APNIC > NameServer: NS1.APNIC.NET > NameServer: NS3.APNIC.NET > NameServer: NS4.APNIC.NET > NameServer: TINNIE.ARIN.NET > NameServer: NS-SEC.RIPE.NET > NameServer: DNS1.TELSTRA.NET > Comment: This IP address range is not registered in the ARIN > database. > Comment: For details, refer to the APNIC Whois Database via > Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl > Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry > Comment: for the Asia Pacific region. APNIC does not operate networks > Comment: using this IP address range and is not able to investigate > Comment: spam or abuse reports relating to these addresses. For more > Comment: help, refer to http://www.apnic.net/info/faq/abuse > Comment: > RegDate: 1994-04-05 > Updated: 2005-05-20 > > OrgTechHandle: AWC12-ARIN > OrgTechName: APNIC Whois Contact > OrgTechPhone: +61 7 3858 3100 > OrgTechEmail: search-apnic-not-arin@xxxxxxxxx > > # ARIN WHOIS database, last updated 2005-11-30 19:10 > # Enter ? for additional hints on searching ARIN's WHOIS database. > > > > % [whois.apnic.net node-1] > % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html > inetnum: 202.103.86.0 - 202.103.86.127 > netname: IYWLDZ > descr: YIYANG XINXIJU WANGLUO DIZI > country: CN > admin-c: PH23-AP > tech-c: PH23-AP > mnt-by: MAINT-CHINANET-HN > changed: hpc@xxxxxxxxxxxxxxxxxx 19991210 > status: ASSIGNED NON-PORTABLE > source: APNIC > changed: hm-changed@xxxxxxxxx 20020827 > person: Pengcheng Hu > address: Hunan information property Co.Ltd > address: No.9 middle wuyi Road > address: changsha, Hunan 410011 > address: CN > phone: +86731-4442626 > fax-no: +86731-4432553 > e-mail: hpc@xxxxxxxxxxxxxxxxxx > nic-hdl: PH23-AP > mnt-by: MAINT-NULL > changed: hpc@xxxxxxxxxxxxxxxxxx 19990628 > source: APNIC > > > On Dec 1, 2005, at 3:52 PM, jonleo wrote: > > > Maybe its just the search engines seeing something new and trying > > to catalog it. jonleo > > ----- Original Message ----- > > From: Hal > > To: computertalkshop@xxxxxxxxxxxxx > > Sent: Thursday, December 01, 2005 3:44 PM > > Subject: [CTS] Scanned > > > > For the last couple of days, since I put up this server, I'm > > getting scanned. Is this just coincidence, or could I have a > > problem? Anyone? > > > > 12/01/2005 15:14:47.896 - Possible port scan dropped - > > Source:202.103.86.66, 35678, WAN - Destination:65.31.54.163, > > 1032, WAN - UDP scanned port list, 4081, 1028, 2, 1030, 1031 - > > > > > > -- > > Hal Brown > > http://daytonlodge147.org > > > > > > > > > > ** YOUR HELP IS URGENTLY NEEDED ** > DONATE to Hurricane Katrina victims: http://www.redcross.org/ > DONATE Housing (Spare room, shelter) http://www.hurricanehousing.org/ > > ------------------------------------------------------------------ > --------- > Computer Talk Shop http://www.computertalkshop.com > Un-subscribe/Vacation, http://www.computertalkshop.com/list_options.htm > > List HowTo: http://www.computertalkshop.com/faq.htm > > To join Computer Talk Shop's off topic list, please goto: > http://computertalkshop.com/other_cts_lists.htm > ------------------------------------------------------------------ > --------- >
** YOUR HELP IS URGENTLY NEEDED ** DONATE to Hurricane Katrina victims: http://www.redcross.org/ DONATE Housing (Spare room, shelter) http://www.hurricanehousing.org/
--------------------------------------------------------------------------- Computer Talk Shop http://www.computertalkshop.com Un-subscribe/Vacation, http://www.computertalkshop.com/list_options.htm
List HowTo: http://www.computertalkshop.com/faq.htm
To join Computer Talk Shop's off topic list, please goto: http://computertalkshop.com/other_cts_lists.htm ---------------------------------------------------------------------------
** YOUR HELP IS URGENTLY NEEDED ** DONATE to Hurricane Katrina victims: http://www.redcross.org/ DONATE Housing (Spare room, shelter) http://www.hurricanehousing.org/
--------------------------------------------------------------------------- Computer Talk Shop http://www.computertalkshop.com Un-subscribe/Vacation, http://www.computertalkshop.com/list_options.htm
List HowTo: http://www.computertalkshop.com/faq.htm
To join Computer Talk Shop's off topic list, please goto: http://computertalkshop.com/other_cts_lists.htm ---------------------------------------------------------------------------
