[Snort-users] Fun with IPF and Snort
snort-users at lists.sourceforge.net

thomas r stromberg tstromberg at ...330...
Mon Mar 19 17:09:25 EST 2001


On 19-Mar-2001, Beckster popped this into my mailspool:
> Hi Thomas,
> 
> Does that mean that if anyone scans your network for 111, 135 or
> 139 that it is redirected to your anglerfish/angelfish box and the
> C script you are talking about?  I'm still learning about ipnat.conf
> setup and was a little confused by the anglerfish/angelfish reference.
> Is it just a misspelling?
> 

> >    rdr fxp0 0.0.0.0/0 port 111 -> <angelfish ip> port 111 tcp/udp
> >    rdr fxp0 0.0.0.0/0 port 135 -> <angelfish ip> port 135 tcp/udp
> >    rdr fxp0 0.0.0.0/0 port 139 -> <angelfish ip> port 139 tcp/udp

   Sorry for the confusion, I meant anglerfish in all the references. 
   Silly me. Yes, it forwards those ports to the anglerfish virtual
   host. 

   I was thinking of blanket forwarding some other ports for trojans as
   well.. but there aren't many services people scan for on our network
   that some box is not providing.. I didn't want to get into a huge
   ipnat file. 

   BTW.. gftp immediately crashes connecting to anglerfish; netscape,
   fetch, and lftp just go into infinite loops. Heh, wonder what else
   will go boom. Hopefully some script kiddies' scanners go boom too.
-- 
thomas r. stromberg                       work: tstromberg at ...330...
research triangle commerce (icc.net)      home: thomas at ...1617...
          "I believe because it is absurd" -- Tertullian.
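
Added example, not part of the original message or of the author's setup: a check for the concern raised above, that a blanket `rdr` to the decoy host must not capture a port some real box is providing. The addresses, the port 21 rule and the service inventory are constructed; a missing protocol is treated as tcp as an assumption.

```python
import re

# The rdr form used in the message:
#   rdr <if> <dst>/<mask> port <n> -> <target> port <n> [tcp|udp|tcp/udp]
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<dst>\S+)\s+port\s+(?P<dport>\d+)\s+->\s+"
    r"(?P<target>\S+)\s+port\s+(?P<tport>\d+)(?:\s+(?P<proto>tcp/udp|tcp|udp))?\s*$"
)
# Constructed sample: 192.0.2.50 stands in for the decoy ("anglerfish") host.
SAMPLE_IPNAT = """\
rdr fxp0 0.0.0.0/0 port 111 -> 192.0.2.50 port 111 tcp/udp
rdr fxp0 0.0.0.0/0 port 135 -> 192.0.2.50 port 135 tcp/udp
rdr fxp0 0.0.0.0/0 port 139 -> 192.0.2.50 port 139 tcp/udp
rdr fxp0 0.0.0.0/0 port 21 -> 192.0.2.50 port 21 tcp
"""
# Constructed inventory: (port, proto) -> hosts that really provide the service.
INVENTORY = {(21, "tcp"): {"192.0.2.10"}, (139, "tcp"): {"192.0.2.50"}}

def parse_rdr(text):
    """Return one dict per (rule, protocol); tcp/udp expands to two entries."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("rdr"):
            continue
        m = RDR_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unsupported rdr syntax: {line!r}")
        # Assumption: a rule with no protocol keyword applies to tcp only.
        for proto in (m["proto"] or "tcp").split("/"):
            rules.append({"line": lineno, "dst": m["dst"], "proto": proto,
                          "port": int(m["dport"]), "target": m["target"],
                          "tport": int(m["tport"])})
    return rules

def shadowed_services(rules, inventory):
    """Blanket redirects that capture a port a real (non-decoy) host serves."""
    hits = []
    for r in rules:
        if r["dst"] not in ("0.0.0.0/0", "0/0"):
            continue  # only blanket rules can swallow traffic for other hosts
        for host in sorted(inventory.get((r["port"], r["proto"]), ())):
            if host != r["target"]:
                hits.append((r["line"], r["port"], r["proto"], host))
    return hits

if __name__ == "__main__":
    for line, port, proto, host in shadowed_services(parse_rdr(SAMPLE_IPNAT), INVENTORY):
        print(f"ipnat line {line}: {port}/{proto} is served by {host} but redirected")
```
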