That nice list of categories makes the netmask logic more intelligible to even me - and adds a certain clue when I notice in the logs.. a repetitive address attempting several of the cockamamie &^#$^ countless ports, and its address is one of the suspect Class. This especially.. when they increment! This ain't about a misplaced query, but about snooping (I must suppose).

At which point I'm almost moved to do a look-up and pen a poison e-letter to the putative owner of the block, depending upon mood. Dunno if anyone reads such notes, of course - or acts on the info.

I can imagine that an annotated graphical map could be a boon for those learning from scratch. When I was possibly going to help a local non-profit put their private LAN (run by Win 2K-Server, fancy RAID hdwre etc.) on inet:

After I perused a recommended book on the OS, while I found lots of the cautions to be 'common sensical', I also discovered [what all of you already know]: that you'd damn well better be up to speed, not merely in the endless stream of patches from M/Sloth (and what each one might break, while 'fixing' something else) BUT - you must also be not just acquainted with.. but familiar with a large repertoire of modern sophisticated attacks.

I concluded: I was not up-to-speed and unlikely to become so. Fortunately they found a work-around to permit their (limited need) of internet access, which was kept separate from the LAN and its data. I believe this was a shrewd move on their part - after all, the ONLY version of "NT" in all its convoluted forms, to meet [some Color]-Book Certification - achieved that dubious honor, only when isolated from all I/O.

(Moving them to Open Source non-toy OS was of course, also beyond my competence and.. they had the present working system ~ 'free'.)

I.e. Security ain't no job for amateurs, today! I watch with amusement as a friend attempts to get his small LAN 'safe' for exposure to the net, while playing with packet sniffers, then looking for FAQs about why he's seeing (say..) lots of NETBIOS queries appearing after a particular change is made. Yada yada ---> ad infinitum. He's learning of course, but..

A Net Policeman's life is not a happy lot..



Ashton
who can think of more entertaining means of self-flagellation than this :(