On Mon, Jan 22, 2001 at 08:13:50AM -0500, Burke, Thomas G. wrote:
> I've been noticing a _lot_ of scans against ports 21 & 111 in the last
> couple of weeks. Do ya think this might be the result of the ramen worm?
Those are standard ports for scans--yah, the frequency just went
up a bit, so I figure somebody in the cracker warrens must have
just posted or written an article about "common ports" or somesuch.
Upswing in 21,23,111,515, with a smattering of others thrown in, and
the ever-present 137 and 139. No consistent source to the probes,
and not enough additional probes to raise alarm.
Have fun with it. I have my box set up to notify me on-line when
I'm logged in. Then, if it's a series--you know, they poke at
137,139,21,23,25, 110,111, etc. in some order from the same place--
before I run my 'addbad' script to block everything from their IP address,
I poke back at ports on their IP address with the same port order.
Their IP address usually suddenly disappears from the 'Net after the
2nd or third reverse port probe.
Cheers,
--
Dave Ihnat
[EMAIL PROTECTED]
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
