On Sun, 15 Dec 2002 10:48:31 CST Lynn Avants wrote: > > When looking at your Shorewall logs, how do you decide if you are > > just being scanned or if someone(s) is trying to make an effort to > > get access to you box? > > Match the destination port to a list like /etc/services and see if > there are repeated attempts to services such as ssh/telnet/smbd/nmbd
It is probably worth mentioning that, by default, shorewall silently rejects SMB and NMB traffic: $ grep -e 135 -e 137 -e 445 /etc/shorewall/common.def run_iptables -A common -p udp --dport 137:139 -j REJECT run_iptables -A common -p udp --dport 445 -j REJECT run_iptables -A common -p tcp --dport 135 -j reject --Brad > or an ip that scans many ports (port-scan). These would likely be > someone interested in attempting to crack your firewall/LAN, otherwise > the traffic is most likely "internet trash" that comes in a huge variety. > -- > ~Lynn Avants ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
