[Snort-users] Fun with IPF and Snortnort-users at lists.sourceforge.net
thomas r stromberg
tstromberg at ...330...
Mon Mar 19 17:09:25 EST 2001
On 19-Mar-2001, Beckster popped this into my mailspool:
> Hi Thomas,
> Does that mean that if anyone scans your network for 111, 135 or
> 139 that it is redirected to your anglerfish/angelfish box and the
> c script you are talking about? I'm still learning about ipnat.conf
> setup and was a little confused by the anglerfish/angelfish reference.
> Is it just a misspelling?
> > rdr fxp0 0.0.0.0/0 port 111 -> <angelfish ip> port 111 tcp/udp
> > rdr fxp0 0.0.0.0/0 port 135 -> <angelfish ip> port 135 tcp/udp
> > rdr fxp0 0.0.0.0/0 port 139 -> <angelfish ip> port 139 tcp/udp
Sorry for the confusion, I meant anglerfish in all the references.
Silly me. Yes, it forwards those ports to the anglerfish virtual
I was thinking of blanket forwarding some other ports for trojans as
well.. but there aren't many services people scan for on our network
that some box is not providing.. i didn't want to get into a huge
BTW.. gftp immediately crashes connecting to anglerfish, netscape,
fetch, and lftp just go into infinite loops. Heh, wonder what else
will go boom. Hopefully some script kiddies scanners go boom too.
thomas r. stromberg work: tstromberg at ...330...
research triangle commerce (icc.net) home: thomas at ...1617...
"I believe because it is absurd" -- Tertullian.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 230 bytes
Desc: not available
More information about the Snort-users