Re: [leaf-user] Shorewall log interpretation

2005-12-08 Thread Greg Morgan
Jim Ford wrote:
> Any tips regarding spotting genuine attacks on a Bering UClib box, rather
> than 'noise'? Are there any 'dead giveaway' ports or IP addresses?
>
> Jim Ford

Jim, That's hard to answer because the pattern changes over time. What I

[leaf-user] Re: TCP Destination port DPT=2703 Blocked by Bering uClibc 2.3.1

2005-12-08 Thread Kwon
Looks like someone is trying to connect to a Systems Management Server 2003, using your internal IP 192.168.73.76. Look for the heading: Port requirements: SMS Remote Control System service: Wuser32 That’s strange! 192.168.73.76 is a Gentoo Linux email (Postfix) and web (Apache) server. Why wou

[leaf-user] Shorewall log interpretation

2005-12-08 Thread Jim Ford
Any tips regarding spotting genuine attacks on a Bering UClib box, rather than 'noise'? Are there any 'dead giveaway' ports or IP addresses? Jim Ford

Re: [leaf-user] DNAT rule

2005-12-08 Thread Jim Ford
> Wouldn't it just be easier and more secure to set the machine to a static
> IP?
> You may need to change the range of static IP addresses - or determine what
> it is, but for my money that makes the most sense.

I guess so, but I would rather not 'hard wire' anything into the configuration. Bu