Re: last 24 hour port scan log
From: The Other Guy (nospam@this.addy)
Date: 01/26/03
From: The Other Guy <nospam@this.addy> Date: Sun, 26 Jan 2003 16:00:44 GMT
On Sun, 26 Jan 2003 14:01:43 GMT, while waiting for Somebody Else to
show up and say something, The Other Guy responded to a post from
Leythos <void@nowhere.com> who wrote in alt.computer.security:
>In article <v37pqqd80ae4c7@corp.supernews.com>, neosadist@hotmail.com
>says...
>>
>> "Leythos" <void@nowhere.com> wrote in message
>> news:MPG.189d07a47fa663ed989967@news-server.columbus.rr.com...
>> > Here's what I've recorded from my (Inbound only) firewall logs for the
>> > last 24 hours on my home network.
>> >
>> > It would be nice if most ISP's blocked inbound 137 & 139, that would
>> > remove about 90% of the log :)
>>
>>
>> FOR NEWBIES:
>
>I should have thought of that - I could modify the stored proc to show
>the service type attached to the port. I may do that later today.
>[snip]
>
>By the way - 25 is inbound, so it's not used inbound by Outlook or other
>mail readers. It's used to send mail from one server into another - so
>people scanning 25 are looking for an open mail server, or are sending
>mail to the server on the inbound network.

It's interesting that 110 is never probed -- nobody wants to read your
(cold comfort, I know), but everybody wants to use your 'mail
carrier'.

Also of note, in a 48 hr period you have 30 times more hits for WIN
File sharing than for your web site (And I'm thinking the last few
hours the hits are more you doing 'real time' checks from elsewhere or
testing that feature). Are you running SSL or are the https hits
attempting exploits on that service (there was a rash of those when
the vuln. came out not too long ago)?

Finally, how many just above 1024 are apps you are using that require
a connection to the outside?

--
./configure --prefix=~/zyterion
Not this guy or that guy, The Other Guy.
This spot may contain a satirical comment or comedic source, and is meant to be funny. If you are easily offended, gullible or don't have a sense of humour we suggest you read elsewhere.
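
The per-port summary this thread talks about (a service name next to each port, file-sharing hits compared with web hits, and high ports not explained by an application you run), as an added example that is not part of the original post. The log format, the sample lines and the names `count_by_port`, `summarize` and `known_app_ports` are assumptions.

```python
import re
from collections import Counter

# Ports named in this thread, with their IANA service names.
SERVICES = {25: "smtp", 80: "http", 110: "pop3",
            137: "netbios-ns", 139: "netbios-ssn", 443: "https"}
FILE_SHARING = {137, 139}   # Windows file sharing (NetBIOS)
WEB = {80, 443}

# Assumed (hypothetical) log format: "<date> <time> IN <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(r"\bIN (TCP|UDP) \S+:\d+ -> \S+:(\d+)\s*$")

# Constructed sample data; addresses come from the documentation ranges.
SAMPLE_LOG = """\
2003-01-25 16:02:11 IN UDP 198.51.100.7:1027 -> 192.0.2.10:137
2003-01-25 16:02:12 IN TCP 198.51.100.7:3321 -> 192.0.2.10:139
2003-01-25 17:40:03 IN UDP 203.0.113.9:1031 -> 192.0.2.10:137
2003-01-25 18:15:44 IN TCP 203.0.113.50:4410 -> 192.0.2.10:25
2003-01-25 21:07:30 IN TCP 198.51.100.23:2201 -> 192.0.2.10:80
2003-01-26 02:11:09 IN TCP 203.0.113.77:1999 -> 192.0.2.10:443
2003-01-26 05:29:58 IN TCP 198.51.100.99:1045 -> 192.0.2.10:4000
2003-01-26 09:03:17 IN TCP 203.0.113.12:3380 -> 192.0.2.10:5001
2003-01-26 11:48:02 IN TCP 198.51.100.7:3390 -> 192.0.2.10:139
this line is malformed and is skipped
"""

def count_by_port(log_text):
    """Count inbound hits per destination port, ignoring unparseable lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits[int(m.group(2))] += 1
    return hits

def summarize(hits, known_app_ports=()):
    """Label ports, compare file-sharing with web hits, flag unexplained high ports."""
    labelled = [(port, SERVICES.get(port, "unknown"), n)
                for port, n in sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))]
    sharing = sum(hits[p] for p in FILE_SHARING)
    web = sum(hits[p] for p in WEB)
    high = sorted(p for p in hits if p > 1024 and p not in SERVICES
                  and p not in known_app_ports)
    return {"labelled": labelled, "file_sharing": sharing, "web": web,
            "ratio": sharing / web if web else None, "unexplained_high": high}

if __name__ == "__main__":
    for key, value in summarize(count_by_port(SAMPLE_LOG)).items():
        print(key, value)
```

Passing the ports your own applications listen on as `known_app_ports` leaves only the high-port hits that still need an explanation.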