LINUX.IE, website of the Irish Linux Users' Group
[ILUG] LogWatch: rebuke to ILUG gurus

Bryan O'Donoghue typedef at eircom.net
Mon Feb 14 13:22:52 GMT 2005


Timothy Murphy wrote:
> I asked a little while ago about interpreting LogWatches,
> and was surprised that none of the responses highlighted
> what now seems to me - after a little googly research - the essential point,
> namely that what matters is not the IP address of dropped packets
> but the port they are trying to access.
> For example, I see that in yesterday's LogWatch
> about one fifth of the 157 dropped packets targeted port 15118,
> which I see from <http://www.linklogger.com/commonscans.htm>
> is a DipnetOddbob worm.
> 
> About half the ports targeted seem associated with known attacks.
> The remainder seem mostly to consist of scans from one address
> targeting a large range of ports, e.g. 63 packets from 62.73.129.165
> scanning ports in the 32000 range.
> Why would anyone try that?



You were smurfed!

i.e.: someone probing all the ports on your machine to see which services 
are running; typically the next step is to try and find versions of 
known running services so that script kiddie (x) can try a spl0it he 
downloaded from the internet.

If the scan was sequential, you can be sure that some really l33t 
lax0r[1] was probing your system to see if there were any obvious 
vulnerabilities [2]. _I_ wouldn't be worried about this sort of thing... 
if the person probing your system had _a_clue_ there are any number of 
less obvious port scans which can be done that don't immediately set off 
a range of alarm bells.

Thus the fact that whoever scanned your box _did_ set off alarm bells 
means that either a) they don't know what they are doing and thus are 
unlikely to be able to find and exploit a vulnerability in your box, or 
b) it's a proggie somewhere doing random scans of boxes, either randomly 
or sequentially... in which case whoever set up the proggie to do that 
still doesn't have a clue.

Bottom line, nothing to worry about.

Now: the fact that I removed my tin foil hat and the No_Such_Agency is 
controlling my brain to make me say that... should in no way increase 
your paranoia level.

[1] tongue/cheek
[2] Perhaps someone you gave a bad grade to?


--
Bryan
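A defender-side summary of the kind the thread describes, added here as an example and not code from the original post: it parses constructed iptables-style DROP lines, counts drops per destination port (the "what are they after" view), and flags any single source that swept a run of ports, reporting whether the run was sequential. The addresses, ports and log format in the sample are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the netfilter/iptables style that LogWatch summarises
# (hypothetical addresses and ports; not from the original post).
SAMPLE_LOG = """\
Feb 14 03:11:02 host kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=4431 DPT=15118
Feb 14 03:11:05 host kernel: DROP IN=eth0 SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=5012 DPT=15118
Feb 14 03:12:10 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=32000
Feb 14 03:12:10 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=32001
Feb 14 03:12:11 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=32002
Feb 14 03:12:11 host kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40004 DPT=32003
Feb 14 03:15:00 host kernel: DROP IN=eth0 SRC=192.0.2.12 DST=198.51.100.5 PROTO=UDP SPT=1026 DPT=1434
"""
LINE_RE = re.compile(r"SRC=(?P<src>\S+).*?DPT=(?P<dpt>\d+)")

def parse_drops(text):
    """Return (src, dst_port) pairs for every DROP line that carries SRC and DPT."""
    pairs = []
    for line in text.splitlines():
        if "DROP" not in line:
            continue
        m = LINE_RE.search(line)
        if m:
            pairs.append((m.group("src"), int(m.group("dpt"))))
    return pairs

def ports_by_popularity(pairs):
    """Count dropped packets per destination port, regardless of source."""
    return Counter(dpt for _, dpt in pairs)

def find_range_scans(pairs, min_ports=3):
    """Flag sources that probed at least min_ports distinct ports and report
    whether the probed ports form one unbroken sequential run."""
    per_src = defaultdict(set)
    for src, dpt in pairs:
        per_src[src].add(dpt)
    scans = {}
    for src, ports in per_src.items():
        if len(ports) >= min_ports:
            lo, hi = min(ports), max(ports)
            scans[src] = {"ports": len(ports), "low": lo, "high": hi,
                          "sequential": hi - lo + 1 == len(ports)}
    return scans

if __name__ == "__main__":
    drops = parse_drops(SAMPLE_LOG)
    print("Top targeted ports:", ports_by_popularity(drops).most_common(3))
    print("Range scans by source:", find_range_scans(drops))
```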