On Sunday 11 December 2005 06:56, Jim Ford wrote:
> I'm seeing lots of probes, mainly UDP, targeting ports 1025 to 1032 on my
> firewall. I've had a look at grc.com (very informative) and it seems that
> these ports are targeted by trojans. Is what I'm seeing an attempt to see
> if a trojan has opened any of these ports?
>

Yes -- it's just noise.

To cut down on the amount of clutter appearing in my firewall log, I silently
blacklist certain traffic.

In shorewall.conf, I set BLACKLIST_LOGLEVEL="".

Then in /etc/shorewall/blacklist, I have the equivalent of:

    0.0.0.0/0       tcp     57
    0.0.0.0/0       tcp     1023
    0.0.0.0/0       udp     1025:1032
    0.0.0.0/0       udp     1434
    0.0.0.0/0       tcp     1433
    0.0.0.0/0       tcp     2745
    0.0.0.0/0       tcp     3127
    0.0.0.0/0       tcp     3410
    0.0.0.0/0       tcp     4899
    0.0.0.0/0       tcp     5554
    0.0.0.0/0       tcp     8081
    0.0.0.0/0       tcp     9898

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key
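An added example, not part of the message above and not Shorewall's own code: a Python sketch that parses the blacklist entries quoted in the reply and reports which firewall log lines would remain once the listed traffic is dropped silently. It assumes the first column matches the packet's source address and the port column its destination port; the netfilter-style log lines and the addresses in them are constructed.

```python
import ipaddress
import re

# Entries as quoted in the reply: ADDRESS/SUBNET  PROTOCOL  PORT
BLACKLIST = """\
0.0.0.0/0 tcp 57
0.0.0.0/0 tcp 1023
0.0.0.0/0 udp 1025:1032
0.0.0.0/0 udp 1434
0.0.0.0/0 tcp 1433
0.0.0.0/0 tcp 2745
0.0.0.0/0 tcp 3127
0.0.0.0/0 tcp 3410
0.0.0.0/0 tcp 4899
0.0.0.0/0 tcp 5554
0.0.0.0/0 tcp 8081
0.0.0.0/0 tcp 9898
"""

def parse_blacklist(text):
    """Return (network, proto, low_port, high_port) for each entry."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        net, proto, port = line.split()
        low, _, high = port.partition(":")     # "1025:1032" is a port range
        rules.append((ipaddress.ip_network(net), proto.lower(),
                      int(low), int(high or low)))
    return rules

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def is_silenced(log_line, rules):
    """True if a blacklist entry covers this line's source, protocol and DPT."""
    f = dict(FIELD.findall(log_line))
    if not {"SRC", "PROTO", "DPT"} <= f.keys():
        return False                           # e.g. ICMP has no DPT field
    src, proto, dpt = ipaddress.ip_address(f["SRC"]), f["PROTO"].lower(), int(f["DPT"])
    return any(src in n and p == proto and lo <= dpt <= hi for n, p, lo, hi in rules)

def remaining(log_lines, rules):
    """Log lines that would still be written after silent blacklisting."""
    return [l for l in log_lines if not is_silenced(l, rules)]

# Constructed sample log lines (documentation address ranges).
PREFIX = "Dec 11 06:50:01 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
SAMPLE_LOG = [PREFIX + s for s in (
    "SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=34012 DPT=1026",
    "SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=4431 DPT=1433",
    "SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=51515 DPT=22",
    "SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=1030 DPT=53")]
```

Calling `remaining(SAMPLE_LOG, parse_blacklist(BLACKLIST))` leaves only the port 22 and port 53 lines; the last sample shows that a source port inside 1025:1032 does not match under the destination-port assumption.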