Re: [PLUG] firewall logs

Michael Leone on Tue, 20 Mar 2001 23:40:14 -0500

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] firewall logs

From: Michael Leone <turgon@mike-leone.com>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] firewall logs

Date: 20 Mar 2001 23:34:13 -0500

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

On 20 Mar 2001 22:18:38 -0500, Darxus@ChaosReigns.com wrote: > If you're willing, send me your logs of inappropriate connection attempts. > I wish to see if I can compile some useful info for our resident Trooper. > > Since I turned on logging on March 11th, I noticed a bunch of > inappropriate connection attempts on predictable ports. Yep; happens every day to me, both at work and home. > 7 - 500/isakmp UDP - no idea.. ? isakmp is a key exchange protocol, I think > 1 - 27374/ TCP - no idea This last one is one of those trojan programs ... SubSeven? Hack'a'Tack? > If it isn't obvious, I suggest not portscanning any of my boxes without my > express permission, as I intend to submit full logs to the Pennsylvania > State Troopers, Computer Crimes Devision. Might be a waste of time; I get scans of at least a couple ports EVERY DAY ... it's kind of like rattling doorknobs as you walk down the street, to see who left their door unlocked. I've complained to ISPs of the scanners - 75%+ of the time, I don't even get a response. Only if it's one of the ports from SubSeven or BackOrifice or some other known, specific cracker exploit. > > -- > http://www.ChaosReigns.com > > > ______________________________________________________________________ > Philadelphia Linux Users Group - http://www.phillylinux.org > Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce > General Discussion - http://lists.phillylinux.org/mail/listinfo/plug > > -- ------------------------------------------------------------------ Michael J. Leone Registered Linux user #201348 <mailto:turgon@mike-leone.com> ICQ: 50453890 PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF And if it's too much fun, that oughta clue you, son You're probably doing something that's wrong ... "Don't Do It" Little Charlie and the Nightcats ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

References:

[PLUG] firewall logs
From: Darxus@ChaosReigns.com

Prev by Date: Re: [PLUG] South Jersey Linux User's Group alive and well.

Next by Date: [PLUG] RE: South Jersey Linux User's Group alive, not well.

Previous by thread: [PLUG] firewall logs

Next by thread: Re: [PLUG] firewall logs

Index(es):

Date

Thread