Bill wrote on Mon, Jul 29, 2002 at 07:57:30PM -0700 : > I finally installed snort and I just got this in my portscan log file. > Jul 29 19:25:46 211.172.121.210:3155 -> 66.47.48.54:515 SYN ******S* > Jul 29 19:25:47 211.172.121.210:3643 -> 66.47.48.54:113 SYN ******S* > Jul 29 19:25:48 211.172.121.210:3644 -> 66.47.48.54:23 SYN ******S* > Jul 29 19:25:46 211.172.121.210:3152 -> 66.47.48.51:515 SYN ******S* > Jul 29 19:25:49 211.172.121.210:3645 -> 66.47.48.51:113 SYN ******S* > Jul 29 19:25:50 211.172.121.210:3646 -> 66.47.48.51:23 SYN ******S* > Does this meen someone is looking for a hole ?
Yes. Looking for lpd, identd, and telnetd (in that order). Basically they're looking for an older box still running old versions of those programs (RedHat 6.x, Mandrake 6.x, Slack, Debian, Turbo, whatever, anything running old versions of those programs). Blue skies... Todd -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Cooker Version mandrake-release-9.0-0.2mdk Kernel 2.4.18-21mdk
msg56697/pgp00000.pgp
Description: PGP signature
