SV650.org - SV650 & Gladius 650 Forum



Old 26-04-06, 07:56 AM   #11
Ceri JC
Guest
 

Interesting. Coincidentally, I'm writing a paper on IP ID header TCP scans at the moment (these are an obscure sort of port scan and you're unlikely to be being attacked by them).

I wouldn't bother complaining about it. Happens all the time anyway, it's just that at least you've got software that tells you it's happening. Most of the hacking comes from countries which we have no sway/control over anyway, so it's not like anything would be done to the person even if they were caught.
Old 26-04-06, 08:21 AM   #12
timwilky

OK, I am a Linux type, so this is Linux-specific.

I have written a little listener program that listens on two deliberately open ports. I use 23 & 25, as on all but my mail server I do not use SMTP and never ever use telnet.

If I detect connection to both of these I know there is a port scan going on and add the source to my iptables drop list that I share amongst all my servers.

Even though I am behind a hardware firewall, I run iptables on all my servers just to prevent an attack should an internet exposed server become compromised. You windoze lot: I would strongly advise you to run software firewalls on your systems as well as your hardware firewalls.

I suppose I could hack my trap software to alert in a windoze environment. Does anyone know if the windoze xp firewall has a CLI or API interface that 3rd party systems can hook into?

My reason for doing this trap is simple. I have servers that must accept connections from the internet, but I don't want to accept connections from sources that are known to me as being dodgy.

I also use an extension of my trap software to parse HTTP log files, and where I find deliberate attack attempts, such as buffer overflow URL requests, I also drop these sources.
__________________
Not Grumpy, opinionated.
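A sketch of the two-port trap described in post #12, added here as an example; it is not timwilky's program. The class and function names, the 60-second window and the loopback allowlist are assumptions, and the drop rule is only printed rather than applied.

```python
import ipaddress
import selectors
import socket
import time

TRAP_PORTS = frozenset({23, 25})     # the two decoy ports named in the post
WINDOW_SECONDS = 60                  # assumption: both hits must fall within this window
ALLOWLIST = (ipaddress.ip_network("127.0.0.0/8"),)   # assumption: never drop these

class PortScanTrap:
    """Flags a source once it has connected to every trap port within the window."""
    def __init__(self, ports=TRAP_PORTS, window=WINDOW_SECONDS, allowlist=ALLOWLIST):
        self.ports, self.window, self.allowlist = frozenset(ports), window, allowlist
        self.hits = {}               # source address -> {port: last-seen timestamp}
        self.blocked = set()         # sources already handed to the firewall

    def record(self, src, port, now=None):
        """Record one connection; return True the first time src earns a drop rule."""
        now = time.time() if now is None else now
        ip = ipaddress.ip_address(src)           # raises ValueError on junk input
        if port not in self.ports or ip in self.blocked or any(ip in n for n in self.allowlist):
            return False
        seen = self.hits.setdefault(ip, {})
        seen[port] = now
        if {p for p, t in seen.items() if now - t <= self.window} != self.ports:
            return False
        self.blocked.add(ip)
        del self.hits[ip]
        return True

def drop_rule(src):
    """Build the iptables argv (a list, never a shell string) that drops src."""
    ip = ipaddress.ip_address(src)               # rejects anything that is not an address
    tool = "iptables" if ip.version == 4 else "ip6tables"
    return [tool, "-I", "INPUT", "-s", str(ip), "-j", "DROP"]

def serve(trap, host="0.0.0.0"):
    """Listen on the trap ports (root needed below 1024) and print drop rules."""
    sel = selectors.DefaultSelector()
    for port in trap.ports:
        sel.register(socket.create_server((host, port)), selectors.EVENT_READ, port)
    while True:
        for key, _ in sel.select():
            # accept() returns only after a full TCP handshake, so src is a real peer
            conn, (src, _) = key.fileobj.accept()
            conn.close()
            if trap.record(src, key.data):
                print(" ".join(drop_rule(src)))  # or subprocess.run(drop_rule(src))

if __name__ == "__main__":
    serve(PortScanTrap())
```

The allowlist matters on a shared drop list: a monitoring host or admin workstation that legitimately probes ports 23 and 25 would otherwise be dropped on every server that imports the list.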
All times are GMT.