Timothy Murphy wrote:
> I asked a little while ago about interpreting LogWatches,
> and was surprised that none of the responses highlighted
> what now seems to me - after a little googly research - the essential point,
> namely that what matters is not the IP address of dropped packets
> but the port they are trying to access.
> For example, I see that in yesterday's LogWatch
> about one fifth of the 157 dropped packets targeted port 15118,
> which I see from <http://www.linklogger.com/commonscans.htm>
> is a DipnetOddbob worm.
> About half the ports targeted seem associated to known attacks.
> The remainder seem mostly to consist of scans from one address
> targeting a large range of ports, e.g. 63 packets from 62.73.129.165
> scanning ports in the 32000 range.
> Why would anyone try that?
You were smurfed!
i.e.: someone probing all the ports on your machine to see which services
are running. Typically the next step is to try and find versions of
known running services so that script kiddie (x) can try a spl0it he
downloaded from the internet.
If the scan was sequential, you can be sure that some really l33t
lax0r[1], was probing your system to see if there were any obvious
vulnerabilities [2]. _I_ wouldn't be worried about this sort of thing...
if the person probing your system had _a_clue_ there are any number of
less obvious port scans which can be done, that don't immediately set off
a range of alarm bells ringing.
Thus the fact that whoever scanned your box _did_ set off alarm bells,
means that either a) they don't know what they are doing and thus are
unlikely to be able to find and exploit a vulnerability in your box or
b) are a proggie somewhere doing random scans of boxes either randomly
or sequentially... in which case whoever set up the proggie to do that...
still doesn't have a clue.
Bottom line, nothing to worry about.
Now: The fact that I removed my tin foil hat and the No_Such_Agency is
controlling my brain, to make me say that... should in no way increase
your paranoia level.
[1] tongue/cheek
[2] Perhaps someone you gave a bad grade to ?
--
Bryan
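
An added example, not part of either message above: a triage script that summarizes dropped packets by destination port and flags any single source that touched many distinct ports, the two patterns discussed in the thread. It assumes the drops are logged in the iptables LOG format (SRC=, PROTO=, DPT= fields); the sample lines, the "DROP" prefix, the threshold of 10 and all addresses except the port numbers are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def parse(line):
    """Return (src, proto, dport) from one dropped-packet line, else None."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= f.keys() or not f["DPT"].isdigit():
        return None  # e.g. ICMP drops carry no destination port
    return f["SRC"], f["PROTO"], int(f["DPT"])

def summarize(lines, scan_threshold=10):
    """Count drops per destination port and flag sources probing many ports."""
    per_port = Counter()
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src, proto, dport = rec
        per_port[(proto, dport)] += 1
        ports_by_src[src].add(dport)
    # One source touching >= scan_threshold distinct ports looks like a sweep.
    sweeps = {src: (min(p), max(p), len(p))
              for src, p in ports_by_src.items() if len(p) >= scan_threshold}
    return per_port, sweeps

def _line(src, dpt):
    # Constructed sample line; addresses are documentation ranges.
    return (f"Mar  3 04:11:02 gw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=48 PROTO=TCP SPT=40000 DPT={dpt}")

ICMP_LINE = ("Mar  3 04:11:09 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.77 "
             "DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0")
SAMPLE = ([_line(f"198.51.100.{i}", 15118) for i in range(1, 6)]
          + [_line("203.0.113.9", p) for p in range(32000, 32012)]
          + [ICMP_LINE])

if __name__ == "__main__":
    per_port, sweeps = summarize(SAMPLE)
    for (proto, port), n in per_port.most_common(3):
        print(f"{n:4d} drops  {proto}/{port}")
    for src, (lo, hi, n) in sweeps.items():
        print(f"sweep from {src}: {n} distinct ports in {lo}-{hi}")
```

On real logs, pass the lines of the firewall log file to summarize() in place of SAMPLE.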