Being scanned on ports 1026 and 138
Nandy
10-17-2000, 10:50 PM
Hmmm, my ISP is scanning these ports on my proxy PC like crazy!!! Most of my deny log is made of my ISP sniffing on my ports. Of course they can't come in, but why do you guys think they are doing this? My ISP is Road Runner...
Nandy
iDxMan
10-17-2000, 10:56 PM
It's RR.. They scan. What else is there to say?
-r
Hehe,
wonder what they are looking for :)
Sokertes
10-18-2000, 12:08 AM
When I was using @home I was being scanned like crazy, being scanned on all ports all day every day, causing my log files to be well over huge. I called them up and asked them what the deal was. Their answer was we are scanning all our residential customers to make sure they are not using their service to start up their own ISP and/or subnetting their IP to an office setting. Go figure. I didn't trust them and they didn't trust me. Needless to say their attempts were useless, especially when my firewall kept them out of my internal network of 5 computers. Let's just say that I grew tired of having to search for actual attempted intrusions other than @home scanning my ports and dropped them like a bad habit and went back to dialup.
Sokertes
Nandy
10-18-2000, 04:45 PM
Wow Sokertes! You have will, seriously... It will take me a lot to give up my fast connection and go back to dialup. Needless to say I still have a modem on the PC just in case and I use it also to play war on myself...
This brings up the question of how can I filter the deny attempts from a specific IP or even a range of IPs? Will that be possible?
Nandy
Nandy, it should be possible. Right now, I assume you have something like this at the end of your rule set for logging:
ipchains -A input -i $external_interface -p tcp -j DENY -l
ipchains -A input -i $external_interface -p udp -j DENY -l
.
.
.
I think those are the correct commands...
So, I am thinking you need to add to the logging rules a source range that is not from your ISP. Does that sound clear?
I'll have to take a look at my firewall at home to figure out the actual command...
They "Scan" to see if you are running servers..
'nuff said
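An added example, not code from any poster in this thread: one way to handle the question above at the log-review stage is to split ipchains DENY entries by source range, so the ISP's scans are summarized separately and other denied sources stand out. The ISP range, host name and log lines are constructed placeholders, and the line layout is assumed to follow the ipchains `-l` kernel log format.

```python
import ipaddress
import re
from collections import Counter

# Assumption: RFC 5737 documentation range standing in for the ISP's scanner hosts.
ISP_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Layout assumed: "Packet log: <chain> <target> <iface> PROTO=<n> <src>:<port> <dst>:<port> ..."
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample lines (not taken from the thread); the last one is deliberately malformed.
SAMPLE_LOG = """\
Oct 17 22:41:03 proxy kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:4021 192.0.2.10:1026 L=78 S=0x00 I=5521 F=0x0000 T=117 (#12)
Oct 17 22:41:09 proxy kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:138 192.0.2.10:138 L=229 S=0x00 I=5530 F=0x0000 T=117 (#12)
Oct 17 22:43:51 proxy kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.45:3310 192.0.2.10:23 L=44 S=0x00 I=901 F=0x4000 T=48 (#11)
Oct 17 22:44:02 proxy kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.200:4022 192.0.2.10:1026 L=78 S=0x00 I=77 F=0x0000 T=117 (#12)
Oct 17 22:44:10 proxy kernel: Packet log: input DENY eth0 PROTO=6 999.1.1.1:80 192.0.2.10:80 L=44 (truncated
"""

def split_denies(log_text, isp_nets=ISP_NETS):
    """Return (isp_hits, other_hits, skipped) for DENY entries in an ipchains log."""
    isp_hits, other_hits, skipped = [], [], []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        try:
            src = ipaddress.ip_address(m["src"]) if m else None
        except ValueError:  # looks like an address but is not a valid one
            src = None
        if src is None or m["target"] != "DENY":
            skipped.append(line)  # keep unparsed lines for manual review
            continue
        hit = (str(src), int(m["proto"]), int(m["dport"]))
        bucket = isp_hits if any(src in net for net in isp_nets) else other_hits
        bucket.append(hit)
    return isp_hits, other_hits, skipped

def port_summary(hits):
    """Count hits per destination port, e.g. to condense the ISP scan noise."""
    return Counter(dport for _, _, dport in hits)

if __name__ == "__main__":
    isp, other, skipped = split_denies(SAMPLE_LOG)
    print("ISP scan ports:", dict(port_summary(isp)))
    print("Other denied sources:", other, "| unparsed lines:", len(skipped))
```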