This is one of those things you'd think that nobody'd have to rant about, certainly not multiple times, but alas it is.
My ISP does what I assume is some minimal amount of network security stuff. I'm not sure how much in general as I'm in their static-IP pool, so I get to do things that other folks may not (like run mail and webservers) but they do at least some, and that's nice.
As part of this they apparently occasionally run port scans. This is not a big deal -- for most people it means that they'll get a little thumping, and if they're doing something they ought not or, more likely, are infected with some piece of listening malware they'll be found out. That's fine. My firewall machine's set up right and I don't have this sort of crap running.
And for added security, I've got snort running, set up to automatically black-hole hosts that try Evil Things. Like, say, port scans. No big, right? Means I occasionally black-hole my ISP's scanning machine.
My ISP scans from their primary DNS host.
Yeah, that's right: when they launch a scan I lose either my primary or my backup DNS server, which tends to screw all sorts of things up. The damage is confined to the server itself, since all the house machines default to the DNS server running on my server box. But the PPPoE software likes to kill my DNS settings and substitute its own in resolv.conf, so it's the clients on the server box itself that get hosed, stuck using the now-inaccessible DNS host.
Jeez, people, do not run port scans on a machine that does other actual useful things. It's stupid.
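As an added example (not code from the original post), this is the kind of allowlist check a defender would wedge between the scan detector and the auto-blackhole step, so that whatever resolv.conf currently points at, including entries the PPPoE client substitutes, never gets blocked. The resolv.conf contents, alert line format and addresses are constructed, and the blackhole command is returned rather than executed.

```python
import re
from ipaddress import ip_address
from typing import Iterable, List, Optional, Set, Tuple

# Constructed resolv.conf, as a PPPoE client might rewrite it.
# Addresses are RFC 5737 documentation ranges, not anyone's real resolvers.
RESOLV_CONF = """\
# Generated by pppd
nameserver 198.51.100.10
nameserver 198.51.100.11
search example.net
"""

# Constructed snort-style portscan alerts (format assumed for illustration).
ALERTS = [
    "[**] [122:1:1] (portscan) TCP Portscan [**] 198.51.100.10 -> 203.0.113.5",
    "[**] [122:1:1] (portscan) TCP Portscan [**] 192.0.2.77 -> 203.0.113.5",
]


def resolvers(resolv_conf: str) -> Set[str]:
    """Every nameserver currently listed, so the allowlist tracks live edits."""
    return {m.group(1) for m in
            re.finditer(r"^\s*nameserver\s+(\S+)", resolv_conf, re.M)}


def scanner_ip(alert: str) -> Optional[str]:
    """Pull the source address out of an alert line; None if it doesn't parse."""
    m = re.search(r"\[\*\*\]\s+(\d{1,3}(?:\.\d{1,3}){3})\s+->", alert)
    return m.group(1) if m else None


def blackhole_decisions(alerts: Iterable[str], resolv_conf: str,
                        always_protect: Iterable[str] = ()) -> List[Tuple[str, str]]:
    """Return (ip, action) pairs; infrastructure hosts are skipped, not blocked."""
    protected = resolvers(resolv_conf) | set(always_protect)  # e.g. PPPoE gateway
    decisions = []
    for alert in alerts:
        ip = scanner_ip(alert)
        if ip is None:
            continue
        ip_address(ip)  # reject malformed addresses before they reach a route command
        if ip in protected:
            decisions.append((ip, "skip: protected infrastructure host"))
        else:
            decisions.append((ip, f"blackhole: ip route add blackhole {ip}/32"))
    return decisions
```

Re-reading resolv.conf on every decision is deliberate: a static allowlist written at install time would miss the resolvers pppd drops in later.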
Posted by Dan at February 6, 2006 08:37 AM