On Friday 22 February 2002 00:59, David Douthitt wrote:
>
> Next time this happens see if you can put a system on there and run a
> port sniffer on the traffic coming into your box.

I'll have to look into that... it's not like I don't have plenty of
machines to set one up to sniff.

> It's definitely possible to create a shell which responds to a
> connect from port 80.  It's also possible to "steal" the
> file-descriptors from a running shell.

The only opening was a port forward on 81>>81 to an internal
chrooted webserver. That should eliminate the connection from
the firewall ... but I didn't realize that doing that was very 
possible. Thx for the heads up and advice! :)

> I'm not sure it's entirely likely this has happened to you, but I
> wouldn't rule it out - and all those attempted connects are
> interesting...

Yep, I'm of the same opinion here. Cox/RR doesn't really appear to
want to look into it when I reported a couple of port scans last week.

All in all, a nice little honeypot would probably be the easiest move.
Maybe booby-trap 'ls' or 'cd' to do something extremely interesting
when used :)  
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
