I am going to ask what may seem like a silly question, but being an inquisitive newbie , I am going to ask it anyway...
When looking at your Shorewall logs, how do you decide if you are just being scanned or if someone(s) is trying to make an effort to get access to you box? I am seeing increasing numbers of hits - 14 yesterday and 18 today - to port 27374 (which one source says is "Linux.Ramen.Worm - attacks RedHat Linux") Now the fact that the firewall is blocking this is good....but should I be tracking these hits to see if there is a pattern and blacklisting or is this sort of thing considered "normal"? Any help here would be appreciate, or if there is a FAQ or webpage that someone could point me to, I would interested in this info ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
