On Wed, 3 Nov 2004, Keith Davey wrote:
> Hi,
>
> I am noticing a lot of traffic hitting our smoothwall box here.
Always there.
> It seems to be mainly hitting ports:
# iptables -v -L scans | awk '$1 ~ /^[0-9]/{printf("%10d %5s %3s %20s\n",$1,$2,$10,$11)}'
2422 117K tcp dpt:1243
6022 293K tcp dpt:4899
73 3440 tcp dpt:4898
593 390K udp dpt:135
548 26304 tcp dpt:12345
21478 21M udp dpt:1026
6934 337K tcp dpt:17300
2929 141K tcp dpt:5000
136 6550K tcp dpt:microsoft-ds
59549 2871K tcp dpt:135
85955 4145K tcp dpt:netbios-ssn
69518 3350K tcp dpt:3127
12806 612K tcp dpt:ms-sql-s
166 7985K tcp dpt:2745
74372 3582K tcp dpt:6129
1819 87888 tcp dpt:swat
148 7112K tcp dpt:1025
18781 1465K udp dpt:netbios-ns
4220 1693K udp dpt:ms-sql-m
(time period is unknown for above, but could not be more than 44
days).
> The ips these are coming from are either American DSL connections
> or from Korean address ranges.
Yep, see blackholes.us - you can construct iptables chains from them
with a bit of scripting.
> worried? It's all only started up in the last couple of days
Unlikely, unless you've only had internet access for a few days. You just
never noticed it before for some reason.
> Keith
regards,
--
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
Sure he's sharp as a razor ... he's a two-dimensional pinhead!
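
The "bit of scripting" suggested in the reply above could look like the following. This is an added example, not part of the original mail: the input format (one IPv4 CIDR per line, `#` for comments), the chain name `blocklist` and the sample prefixes are assumptions.

```shell
# Added example: build an iptables-restore fragment from a CIDR list.
# Assumed input: one IPv4 CIDR per line, '#' starts a comment.

# valid_cidr PREFIX: succeeds only for a well-formed a.b.c.d/len.
# The body runs in a subshell so the IFS change stays local.
valid_cidr() (
    case $1 in */*) ;; *) exit 1 ;; esac
    ip=${1%/*} len=${1#*/}
    case $len in ''|*[!0-9]*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# build_chain NAME < list: prints the fragment on stdout and reports
# rejected lines on stderr, so bad input never reaches the ruleset.
build_chain() {
    chain=$1
    printf '*filter\n:%s - [0:0]\n' "$chain"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                               # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')    # drop whitespace
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf '%s\n' "-A $chain -s $line -j DROP"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done
    printf 'COMMIT\n'
}

# Constructed sample list (documentation prefixes, not real list data).
sample_list() {
    cat <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.0/25   # trailing comment
203.0.113.999/24
not-a-prefix
EOF
}

# Review the output before loading it with: iptables-restore --noflush
sample_list | build_chain blocklist
```

The generated chain only takes effect once a rule in INPUT (or FORWARD) jumps to it.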