Incoming from Wanda Round:
> After reading that I should look through /var/log/messages, I did
> and found many lines like these:
>
> Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
> SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
> ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
- It came in over ppp0.
- It didn't get back out.
- No network card was involved.
- It came from 201.129.122.85
- Your IP was 12.65.24.43
- [Other stuff]
- It was TCP protocol (as opposed to UDP, ICMP, ...)
- It came from their port #4346.
- It went at your port #445.
- [Other stuff]
The only thing I tend to care about is:
- What, on my machine, is at port #445 (nothing). "grep 445 /etc/services".
- If it's an INcoming or OUTgoing packet, is it (related to)
something I started?
- Many things (like 53, DNS) are just idiots out there who (for
whatever reason) think you are their nameserver. Ignore them.
- Many hits on your box are from viruses and worms looking to infect
your box. Ignore them.
- Many hits are from spammers trying to find out if they can use you
as an open mail relay. Ignore them.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
- -
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
