Hi - I posted this a week ago and it seems to have gotten overlooked 
(ignored?) by just about everyone... I was hoping that a second post 
with an improved subject line may get a better response... I'm keen 
to have part 1 answered - but more keen to have the second part 
answered... as that will probably take care of part one too! :)

TIA - dan.

At 9:52 PM +1100 9/11/00, Dan Horth wrote:
>Hiya - I've been getting the occasional set of entries in my log files
>relating to traffic blocked at our firewall - I was wondering two things:
>
>1) What is this traffic - is it someone checking to see if there is a
>trinoo type process running on my server? I seem to recognise those ports
>being probed as ones that the trinoo type exploited hosts listen on
>for activation of attacks:
>
>Nov  9 21:31:11 FireWall kernel: Packet log: input DENY ppp0 PROTO=17 their.ip.address:38243 my.ip.address:33435 L=40 S=0x00 I=41391 F=0x4000 T=104 (#31)
>Nov  9 21:31:16 FireWall kernel: Packet log: input DENY ppp0 PROTO=17 their.ip.address:38243 my.ip.address:33436 L=40 S=0x00 I=41392 F=0x4000 T=104 (#31)
>Nov  9 21:31:21 FireWall kernel: Packet log: input DENY ppp0 PROTO=17 their.ip.address:38243 my.ip.address:33437 L=40 S=0x00 I=41393 F=0x4000 T=104 (#31)
>
>2) is there a security listserve that deals more specifically with
>enquiries like this? I've also noticed a bunch of weird activity on port
>139 that I originally thought was a port scan - but was told by one very
>rude sysadmin that the activity I was reporting was "standard" behaviour
>of a windows based computer connecting to the net - scanning for NETBIOS
>services on its "local" network... anyway - I'd rather not be hassling
>the redhat list with these ipchains / firewall / security issues every
>other day as I strive to understand what is an attack and what is not...
>
>TIA - dan.
-- 

        Nitro - 3D Visualisation, Graphics & Animation
                Ph (+61 2) 9810 5177 - Fx (+61 2) 9810 0199
                        http://www.nitro.com.au/



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
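
An added example, not part of the original post: a Python parser for ipchains "Packet log" lines like the ones quoted above, which decodes each field and reports whether one source is walking consecutive destination ports. The function names and sample lines are constructed (documentation addresses stand in for the redacted ones), and the 33434-33534 range is the commonly cited default destination range of UDP traceroute, included as an assumption about what a reader would want to compare against.

```python
import re
from collections import defaultdict

# ipchains log layout: chain, target, interface, IP protocol number, src, dst,
# then L=total length, S=TOS, I=IP ID, F=frag offset/flags, T=TTL, (#rule).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) "
    r"I=(?P<ipid>\d+) F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?: \(#(?P<rule>\d+)\))?"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
TRACEROUTE_PORTS = range(33434, 33535)  # assumption: default UDP traceroute range

# Constructed sample input: one log entry per line, placeholder addresses.
SAMPLE = """\
Nov  9 21:31:11 FireWall kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.10:38243 198.51.100.20:33435 L=40 S=0x00 I=41391 F=0x4000 T=104 (#31)
Nov  9 21:31:16 FireWall kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.10:38243 198.51.100.20:33436 L=40 S=0x00 I=41392 F=0x4000 T=104 (#31)
Nov  9 21:31:21 FireWall kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.10:38243 198.51.100.20:33437 L=40 S=0x00 I=41393 F=0x4000 T=104 (#31)
Nov  9 21:40:02 FireWall kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.5:1045 198.51.100.20:139 L=48 S=0x00 I=5120 F=0x4000 T=112 (#31)
"""

def parse_line(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[key] = int(rec[key])
    rec["frag"] = int(rec["frag"], 16)
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["dont_fragment"] = bool(rec["frag"] & 0x4000)  # DF bit in the F= field
    return rec

def summarize(text):
    """Group denied packets by (source, protocol) and describe the port pattern."""
    by_src = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["target"] == "DENY":
            by_src[(rec["src"], rec["proto_name"])].append(rec["dport"])
    return {
        key: {"ports": ports,
              "sequential": len(ports) > 1
                            and all(b - a == 1 for a, b in zip(ports, ports[1:])),
              "traceroute_range": all(p in TRACEROUTE_PORTS for p in ports)}
        for key, ports in by_src.items()
    }

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```

The parser expects each log entry on a single line, so entries wrapped by a mail client need to be rejoined before they are fed in.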