Michael Leone on Tue, 20 Mar 2001 23:40:14 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] firewall logs


On 20 Mar 2001 22:18:38 -0500, Darxus@ChaosReigns.com wrote:
> If you're willing, send me your logs of inappropriate connection attempts.
> I wish to see if I can compile some useful info for our resident Trooper.
> 
> Since I turned on logging on March 11th, I noticed a bunch of
> inappropriate connection attempts on predictable ports.


Yep; happens every day to me, both at work and home.

>    7 -       500/isakmp  UDP - no idea.. ?

isakmp is a key exchange protocol, I think

>    1 -           27374/  TCP - no idea

This last one is one of those trojan programs ... SubSeven? Hack'a'Tack?

> If it isn't obvious, I suggest not portscanning any of my boxes without my
> express permission, as I intend to submit full logs to the Pennsylvania
> State Troopers, Computer Crimes Devision.


Might be a waste of time; I get scans of at least a couple ports EVERY
DAY ... it's kind of like rattling doorknobs as you walk down the
street, to see who left their door unlocked. I've complained to ISPs of
the scanners - 75%+ of the time, I don't even get a response. Only if
it's one of the ports from SubSeven or BackOrifice or some other known,
specific cracker exploit.


> 
> -- 
> http://www.ChaosReigns.com
> 
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
> 
> 



-- 
 
------------------------------------------------------------------
Michael J. Leone                  Registered Linux user #201348 
<mailto:turgon@mike-leone.com>    ICQ: 50453890
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF

And if it's too much fun, that oughta clue you, son
You're probably doing something that's wrong ...
                                  "Don't Do It"
                                  Little Charlie and the Nightcats 
 


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug