On 12/23/08, Anne Wilson <cannewilson@xxxxxxxxxxxxxx> wrote:
> My LAN is behind a Netgear router, which does NAT. On the CentOS server I
> have fail2ban running. This morning my router reported 3 different IPs
> attempting to send UDP packets to port 38950, Since each address is only seen
> 4-5 times, I presume that fail2ban took over after that.
>
> GRC reports that ports are stealthed (port 143 was open, but is now closed),
> but then:
>
Try www.auditmypc.com or nmap-online.com rather than grc to look for open ports
> So, two questions really. First, what should I be looking for on the router,
> to turn off this 'tracking down' activity?
Maybe your router is sending host / port unreachable icmp messages.
You could try to see what is actually happening using wireshark on
another computer from outside your LAN
>
> Then, I want to read from my own IMAP server when I'm away from home. Is
> there a better way than opening port 143?
>
ssh tunnelling?
fwknop? (if you want all ports to appear closed)
<http://cipherdyne.org/fwknop/>
mike
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
