Thanks for the reply.  My e-mail client is fine, the multiple copies
were my fault.  Sorry :(

You are correct, 63.206.196.108 is the address of my Bering machine. 
The only services/ports that I am serving are ssh, sftp, warcraft 3, and
teamspeak (voice comms server).  All of these connections are forwarded
to a machine behind the firewall.  As far as I know, I'm not running any
of the services that person was trying to access.

You said the remote address was associated with dal.net.  Do you have
any references that explain how to track down where an address is?  I
never seem to be able to get that part.  I would be happy to call it to
their attention but I don't know where to send the e-mail.

Thanks for your help

-Mark Ivey-

 


On Thu, 2002-10-17 at 14:07, Ray Olszewski wrote:
> First thing, Mark, your MTA or e-mail client seems to be posting these 
> queries multiple times ... this one showed up here 3 times, the other one 
> twice. You might check for a configuration error.
> 
> Second, this seems a bit more focused than an ordinary port scan, but that 
> you (assuming 63.206.196.108 is "you", something you don't actually 
> mention) are being scanned is a good guess. The TCP ports involved are 80, 
> 8080, 81, and 8081 (all common ports to run an http server on), 23 
> (telnet), 6667 (an IRC port), and 3128 (Squid) ... all excellent candidates 
> for attacks (I don't actually know any Squid vulnerabilities, but there are 
> common exploits for the others).
> 
> The source address seems to be associated with dal.net, a big IRC provider. 
> They've been around for a long time, and way back when, they had a 
> solid reputation. It might be worth calling this to their attention.
> 
> Of course, all of this is somewhat of a guess, since aside from the log 
> entries themselves, I know nothing about your configuration, including what 
> services you actually run.
> 
> At 01:34 PM 10/17/02 -0700, Mark Ivey wrote:
> >I pulled these log entries out of the weblet.  What was being attempted
> >here?  Is this a simple port scan?  Anything to be concerned about?
> >
> >-Mark Ivey-
> >
> >Bering LEAF Firewall
> >
> >                       ::hits caused by 66.28.140.212::
> >
> >    Oct 17 07:58:38 firewall kernel: Shorewall:net2all:DROP:IN=ppp0 OUT=
> >    MAC= SRC=66.28.140.212 DST=63.206.196.108 LEN=60 TOS=0x00 PREC=0x00
> >    TTL=42 ID=51200 DF PROTO=TCP SPT=2022 DPT=1080 WINDOW=57344 RES=0x00
> >    SYN URGP=0
> [rest deleted]
> 
> 
> 
> 
> --
> -------------------------------------------"Never tell me the odds!"--------
> Ray Olszewski                                 -- Han Solo
> Palo Alto, California, USA                      [EMAIL PROTECTED]
> -------------------------------------------------------------------------------
> 
> 
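
Added example (not part of the original messages, and not code from the LEAF or Shorewall projects): a small parser that groups Shorewall DROP entries by source address and labels the destination ports, which is the reading of the log done by hand in the reply above. Assumptions: the 1080/SOCKS label, the three-port threshold, and every log line except the one quoted in the thread are constructed here, using documentation addresses.

```python
import re
from collections import defaultdict

# Ports named in the thread, plus 1080 (SOCKS) from the quoted log entry.
PORT_LABELS = {80: "http", 81: "http", 8080: "http", 8081: "http",
               23: "telnet", 6667: "irc", 3128: "squid", 1080: "socks"}
ENTRY = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)")

def parse_line(line):
    """Return a dict for one Shorewall/netfilter log entry, or None."""
    m = ENTRY.search(line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", m["rest"]))
    if "SRC" not in fields or "DPT" not in fields:
        return None  # e.g. ICMP entries carry no DPT
    return {"chain": m["chain"], "action": m["action"],
            "src": fields["SRC"], "dpt": int(fields["DPT"])}

def summarize(log_text, min_ports=3):
    """Map each source to the ports it probed and a rough verdict."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and e["action"] == "DROP":
            ports[e["src"]].add(e["dpt"])
    report = {}
    for src, seen in ports.items():
        named = sorted({PORT_LABELS[p] for p in seen if p in PORT_LABELS})
        # min_ports is an assumed threshold, not a Shorewall setting.
        probing = len(seen) >= min_ports and bool(named)
        report[src] = {"ports": sorted(seen), "services": named,
                       "verdict": "service probe" if probing else "isolated hit"}
    return report

# The one entry shown in the thread, unwrapped onto a single line.
PAGE_ENTRY = ("Oct 17 07:58:38 firewall kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= "
              "MAC= SRC=66.28.140.212 DST=63.206.196.108 LEN=60 TOS=0x00 PREC=0x00 "
              "TTL=42 ID=51200 DF PROTO=TCP SPT=2022 DPT=1080 WINDOW=57344 RES=0x00 "
              "SYN URGP=0")
# Constructed entries (documentation addresses), not taken from the thread.
_FMT = ("Oct 17 08:00:{:02d} firewall kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= "
        "MAC= SRC={} DST=192.0.2.10 LEN=60 PROTO=TCP SPT=2022 DPT={} SYN URGP=0")
SAMPLE_LOG = "\n".join(
    [PAGE_ENTRY]
    + [_FMT.format(i, "198.51.100.7", p) for i, p in enumerate((80, 8080, 3128, 23, 6667))]
    + [_FMT.format(30, "203.0.113.9", 445), "Oct 17 08:00:31 firewall pppd[88]: LCP echo"])

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```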






------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html