LINUX.IE, website of the Irish Linux Users' Group
[ILUG] logwatch - should I be worried?


Ray Kelly ray at arco.ie
Sun Jul 17 13:29:10 IST 2005


Timothy Murphy wrote:

>Logwatch stopped working properly on my Fedora system
>with one update of logwatch.rpm but has now started again
>with the next update.

That's a bit of a boo boo by any standards, however it does happen & 
when it does best practice would hint that you roll back to a package 
that actually works rather than keeping with a borked version. You did 
actually read the changelogs and "test" the new packages somewhere 
before rolling them out, didn't you?

>During the week or fortnight I missed
>the number of dropped packets has increased dramatically,
>from about 200 per day to about 1000.

IMO 1000 dropped packets a day is a relatively small amount

>Most of these are targeted at ports 1026, 1027
>which I take to be some kind of ssh or ssl attack.

a quick look through an nmap services list yields the following:
LSA-or-nterm      1026/tcp   # nterm remote_login network_terminal
IIS               1027/tcp
so on the surface of things it looks as if there's something attempting 
to connect into some service on an IIS (port 1027). As for the 1026 
connection, I don't know & couldn't be bothered researching it further now ;)

>My question is, Should I be worried?

you should ALWAYS be worried, however I don't think that there's anything 
bad happening right now as packets are being dropped so your 
firewall seems to be doing something right

>Is there any chance that this attack will succeed at some point?

for this particular one, probably not, BUT there's every chance that a 
future one will, that's the nature of the beast.

>And is there anything more that I could or should do?
>(I'm running a standard shorewall firewall.)

Keep stuff patched and up to date (provided that new updates don't break 
things)
keep an eye on new vulns for what you're running and it's no harm to 
keep yourself informed as to what nasties are in the wild.
and the really obvious thing is to only allow in stuff that you actually 
want / need

ta
    Ray ...
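
Added example, not part of the original message and not Logwatch or Shorewall code: one way to check where a jump in dropped packets is coming from is to tally the firewall's own log lines by day and by protocol and destination port. The log lines are constructed samples that assume the netfilter LOG format with a Shorewall-style `chain:DROP` prefix; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation addresses), assumed log format:
# syslog header + "Shorewall:<chain>:DROP:" prefix + netfilter KEY=value fields.
SAMPLE_LOG = """\
Jul 16 03:12:01 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=485 TTL=112 PROTO=UDP SPT=32768 DPT=1026 LEN=465
Jul 16 03:12:02 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=485 TTL=112 PROTO=UDP SPT=32768 DPT=1027 LEN=465
Jul 16 09:40:17 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=48 TTL=109 PROTO=TCP SPT=4021 DPT=445 WINDOW=64240 SYN
Jul 17 01:05:44 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.5 LEN=485 TTL=113 PROTO=UDP SPT=40000 DPT=1026 LEN=465
Jul 17 01:06:00 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.8 DST=198.51.100.5 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jul 17 01:07:00 gw sshd[911]: Accepted publickey for tim from 192.0.2.1 port 5022 ssh2
"""

def parse_drops(text):
    """Yield (day, proto, dpt, src) per dropped-packet line; dpt is None when
    the protocol has no destination port (e.g. ICMP)."""
    for line in text.splitlines():
        if "kernel:" not in line or ":DROP:" not in line:
            continue  # not a firewall drop record
        fields = dict(re.findall(r"(\w+)=(\S*)", line))
        if "SRC" not in fields or "PROTO" not in fields:
            continue  # truncated or malformed record
        day = " ".join(line.split()[:2])  # "Jul 16"; copes with "Jul  7"
        dpt = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
        yield day, fields["PROTO"], dpt, fields["SRC"]

def summarize(text):
    """Return (drops per day, drops per (proto, port), distinct sources per (proto, port))."""
    per_day, per_port, sources = Counter(), Counter(), defaultdict(set)
    for day, proto, dpt, src in parse_drops(text):
        per_day[day] += 1
        per_port[(proto, dpt)] += 1
        sources[(proto, dpt)].add(src)
    return per_day, per_port, {k: len(v) for k, v in sources.items()}

if __name__ == "__main__":
    per_day, per_port, srcs = summarize(SAMPLE_LOG)
    for day, n in per_day.items():
        print(f"{day}: {n} dropped")
    for (proto, dpt), n in per_port.most_common():
        print(f"{proto}/{dpt}: {n} drops from {srcs[(proto, dpt)]} source(s)")
```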



