Re: port 80 access while downloading over ppp ?
I think you're correct Jesús,
on a side note Michael perhaps it's worth installing nmap and
snort (the
latest snort can be obtained by putting this in your
/etc/apt/sources.list:
deb http://people.debian.org/~ssmeenk/snort-stable-i386/ ./
)
these two tools are very valuable for network security,
with
nmap localhost
you can check what state your ports are in (or those on any machine), an
dit might avoid any rootkitting tricks with netstat.
Snort is a tool which puts alerts in /var/log/snort/
if suspicious network activity takes place.
These tools might help you feel more secure (but not over-confident).
Cheers,
James
---------------------------------------------------------
James Ferrando
On Thu, 10 Jul 2003, Jesús Roncero wrote:
> On Thursday 10 July 2003 15:12, mi wrote:
> > But how can it get access to a ppp connection ? Should i send a note to my
> > isp ?
>
> Well, when you get connected to your isp via ppp, you are using, I suppose, a
> dynamic address wich belongs to the range your ISP owns. So you get a real IP
> address when connected. If anyhow that address is chosen by the worm, it is
> certanly random or, at least, because the previous computer that used that
> address connected to the infected one or whatever.
> Not something you should tell your ISP AFAIK, they should be getting tons of
> those access.
> Anyhow if anyone have a better explanation than mine (I'm not as experienced
> on this topic as I would like) I'm glad to hear, although this is getting
> some off-topic on this list.
>
> --
> Jesús Roncero Franco | running debian linux
> Sevilla - Spain | gpg-key available
>
>
> --
> To UNSUBSCRIBE, email to debian-laptop-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to: