Timothy Murphy wrote:
>Logwatch stopped working properly on my Fedora system
>with one update of logwatch.rpm but has now started again
>with the next update.
>>>That's a bit of a boo boo by any standards, however it does happen &
when it does best practice would hint that you roll back to a package
that actually works rather than keeping with a borked version. You did
actually read the changelogs and "test" the new packages somewhere
before rolling them out didnt you?
>During the week or fortnight I missed
>the number of dropped packets has increased dramatically,
>from about 200 per day to about 1000.
>>IMO 1000 droped packets a day is a relativly small amount
>Most of these are targeted at ports 1026, 1027
>which I take to be some kind of ssh or ssl attack.
>>a quick look through an nmap services list yields the following
LSA-or-nterm 1026/tcp # nterm remote_login network_terminal
so on the surface of things it looks as if there's something attempting
to connect into some service on an IIS (port 1027) as for the 1026
connection, I dont know & couldnt be bothered researchin it further now ;)
>My question is, Should I be worried?
>>you should ALWAYS be worried however I dont think that there's anything
bad happening right now as packets are being dropped so you're
firewall's seems to be doing something right
>Is there any chance that this attack will succeed at some point?
>>for this particular one, probably not, BUT there's every chance that a
future one will, that's the nature of the beast.
>And is there anything more that I could or should do?
>(I'm running a standard shorewall firewall.)
>>Keep stuff patched and up to date (provided that new updates dont break
keep an eye on new vluns for what you're running and it's no harm to
keep yourself informed as to what nasties are in the wild.
and the really obvous thing is to only allow in stuff that you actually
want / need
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!