Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: Bobby777

For the sake of all of us, please do not launch a new thread every time your firewall intercepts a port scan. Most of us get hundreds of these a day... many hundreds when one of those worms like Code Red is propagating.

Everyone who connects to the Internet should assume that at any given moment there are thousands of automated port scanners running, most of them in the hands of so-called "script kiddies" who use these scripts to find machines that are open to attack. When they come back from skateboarding, the script kiddies look at the log to see what new treasures their port scanner has uncovered.

Being scanned has nothing to do with being "logged on" to FR. There is no "circuit" between you and FR that remains open when you are freeping; every click is a different transaction. The packets might not even travel over the same route, or arrive in the proper order. All that stuff is sorted out after it arrives. If you get scanned while you're on FR, the same thing would have happened if you'd been anywhere else. Your IP address just came up at random in some script kiddie's port scanner, and it was your turn in the barrel. What 'page' you are viewing at the moment has nothing to do with it.

Anybody concerned about this stuff can find out more here.


22 posted on 10/21/2001 2:01:07 AM PDT by Nick Danger
[ Post Reply | Private Reply | To 1 | View Replies ]

To: Nick Danger
well Nick, appreciate all the sentiment but this is my first post on port scan attack ... so a little education is appreciated ... as far as "posting everytime" you must be thinking about somebody else ... regards ...
35 posted on 10/21/2001 2:18:44 AM PDT by Bobby777
[ Post Reply | Private Reply | To 22 | View Replies ]
To: Nick Danger
"Being scanned has nothing to do with being "logged on" to FR. There is no "circuit" between you and FR that remains open when you are freeping; every click is a different transaction. The packets might not even travel over the same route, or arrive in the proper order. All that stuff is sorted out after it arrives. If you get scanned while you're on FR, the same thing would have happened if you'd been anywhere else. Your IP address just came up at random in some script kiddie's port scanner, and it was your turn in the barrel. What 'page' you are viewing at the moment has nothing to do with it."

As a rule, yes, but it's not absolute. I believe there have been instances where a not-very-nice person posted something to FR, and included a graphic file for the purpose of tracking the IP of everyone who accessed the image.

All he had to do was include the image (even a 1x1 "web bug" would suffice), and then check the headers when requests come in to his server. He'd get a log of IPs of people who visited the FR thread that had his post.

Of course "all he had to do" is not that trivial for the majority of users, but it is possible, and short of blocking images, there's really no way to stop it. Still, a decent firewall (zone alarm) will prevent him from doing anything with that IP number.

38 posted on 10/21/2001 2:24:50 AM PDT by Don Joe
[ Post Reply | Private Reply | To 22 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson