On Tue, May 22, 2001 at 07:08:06PM -0500, Balbir Thomas ([EMAIL PROTECTED]) wrote:
> Hi,
> My tcplogd reports are starting to look like this :
>
> May 22 18:09:06 mandelbrot tcplogd: port 1884 connection attempt from
> +outpost.zedz.net [194.109.206.210]
> May 22 18:09:06 mandelbrot tcplogd: port 1885 connection attempt from
> +outpost.zedz.net [194.109.206.210]
> May 22 18:09:07 mandelbrot tcplogd: port 1886 connection attempt from
> +outpost.zedz.net [194.109.206.210]
> May 22 18:09:08 mandelbrot tcplogd: port 1887 connection attempt from
> +outpost.zedz.net [194.109.206.210]
> May 22 18:09:09 mandelbrot tcplogd: port 1888 connection attempt from
> +outpost.zedz.net [194.109.206.210]
> May 22 18:09:09 mandelbrot tcplogd: port 1889 connection attempt from
> +outpost.zedz.net [194.109.206.210]
>
> This goes on and on . Does this mean someone is trying to port scan my
> pc.

Looks like it.

> If so what can I do to detect/prevent breakin and restrain him/her
> ?

I'd send an email to [EMAIL PROTECTED] to alert them, and their upstream
provider,

    $ whois 194.109.206.210

...will give you this info -- looks like xs4all.nl is the hosting
service, in the Netherlands.

You can also add a rule to specifically block this IP to your IP
filtering rules. You might want to make sure it's not an IP that
otherwise has legitimate access to your system. Spoofing IP addresses
used in portscanning is a known DOS tactic.

You should also check to see that you're not running any service or
leaking access to your system at high level ports. Above 1024, there
are some services including X (6000-6064), VNC, MySQL, and others.

> Any pointer to security for debian newbies ?? thanking you

There are several good books on firewalling. The O'Reilly one is
classic, New Riders have _Linux Firewalls_, Wiley have _Building Linux
and OpenBSD Firewalls_. All are recommended.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?    There is no K5 cabal
  http://gestalt-system.sourceforge.net/    http://www.kuro5hin.org
   Disclaimer: http://www.goldmark.org/jeff/stupid-disclaimers/
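Added example, not part of the original message: a script that checks tcplogd lines in the format quoted in the question for the pattern discussed in this thread, one source address touching many distinct ports within a short time. The function names, the thresholds (5 ports in 60 seconds) and the two 192.0.2.10 lines are assumptions made up for illustration, and the log lines are assumed to be unwrapped.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# tcplogd line format as quoted in the question, with the mail wrapping undone.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+tcplogd:\s+port\s+(?P<port>\d+)"
    r"\s+connection attempt from\s+(?:\S+\s+)?\[(?P<ip>[\d.]+)\]"
)

def parse(lines, year=2001):
    """Yield (timestamp, source_ip, port); syslog omits the year, so it is passed in."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], int(m["port"])

def find_scanners(lines, min_ports=5, window_s=60):
    """Return {ip: ports} for sources hitting >= min_ports distinct ports in window_s seconds."""
    by_ip = defaultdict(list)
    for ts, ip, port in parse(lines):
        by_ip[ip].append((ts, port))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the span is at most window_s seconds.
            while events[end][0] - events[start][0] > timedelta(seconds=window_s):
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged

# First six lines: from the question. Last two: constructed, a repeat visitor to one port.
SAMPLE = """\
May 22 18:09:06 mandelbrot tcplogd: port 1884 connection attempt from outpost.zedz.net [194.109.206.210]
May 22 18:09:06 mandelbrot tcplogd: port 1885 connection attempt from outpost.zedz.net [194.109.206.210]
May 22 18:09:07 mandelbrot tcplogd: port 1886 connection attempt from outpost.zedz.net [194.109.206.210]
May 22 18:09:08 mandelbrot tcplogd: port 1887 connection attempt from outpost.zedz.net [194.109.206.210]
May 22 18:09:09 mandelbrot tcplogd: port 1888 connection attempt from outpost.zedz.net [194.109.206.210]
May 22 18:09:09 mandelbrot tcplogd: port 1889 connection attempt from outpost.zedz.net [194.109.206.210]
May 22 18:10:15 mandelbrot tcplogd: port 22 connection attempt from host.example.net [192.0.2.10]
May 22 18:40:02 mandelbrot tcplogd: port 22 connection attempt from host.example.net [192.0.2.10]
""".splitlines()

if __name__ == "__main__":
    for ip, ports in find_scanners(SAMPLE).items():
        print(f"{ip}: {len(ports)} distinct ports, {ports[0]}-{ports[-1]}")
```

Because the source address of a scan can be spoofed, as the reply notes, a flagged address is a candidate for review against known legitimate hosts rather than an automatic block.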