AT&T sent me a TOS Violation notice yesterday, based on the fact that my "hacked" system was scanning ports on someone else's computer on October 25th, and they tagged it as a TOS violation.

The next morning (October 26th), my computer would not boot. And that's when I reloaded the OS.

Now, I'm ipchained with all ports below 1023 on my "external" adapter blocked, except HTTP and ssh.

My hosts.allow has no entries, and hosts.deny has 2 "internal" exception IP addresses, and my work IP external as an exception.

xinetd.d has almost all the services disabled, except telnet and wu-ftpd (on the internal network only because of the firewall rules).

I plan to do some more testing tomorrow to verify all this.

Once I put the firewall rules up in ipchains, I logged every computer access from my external network.

Guess what I found out! Apparently, some security system at AT&T was SCANNING MY PORTS! So Greg, I think you're right.

But, now I'm beginning to wonder if AT&T is the one trying to:

1. See what ports are listening on my system... You just confirmed that one, thanks Greg. I guess I need to move some services to new "undisclosed" ports.
2. Possibly hack/attack weak systems on their network (that aren't supposed to be running telnet, ftp, or http listening ports anyway)?
3. Break in and create a TOS violation they can use to disconnect you?

That would be very tacky, but I wouldn't put it past AT&T. Basically, AT&T is saying, "If you can't build a 'hardened' server, you can't play..."