Re: Am I being attacked?

To: debian-user@lists.debian.org
Subject: Re: Am I being attacked?
From: John Patton <patton66@home.com>
Date: Wed, 18 Jul 2001 13:14:45 -0500
Message-id: <[🔎] 20010718131444.B26324@debian>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20010718161609.134CB1C5F@perens.com>
References: <[🔎] 20010718161609.134CB1C5F@perens.com>

Probs to those ports are very common lately. They are
probably script kiddies doing sweep scans on those ports
looking for potential machines to attack. Since you are
blocking those ports you are most likely safe (you aren't an
easy candidate). If you got dozens of logs from the same
source you should be concerned about a dedicated attack.
Meanwhile you're just noticing what happens all the time,
every day (slightly alarming, isn't it?)

On Wed, Jul 18, 2001 at 09:16:09AM -0700, Bruce Perens wrote:
> The answer is probably yes, but do the following indicate script-kiddie
> probes? They are directed at portmap, lpr, and nmbd. I don't know why the
> ones on the smtp port were rejected. The .184 system is my router.
> 
> 	Thanks
> 
> 	Bruce
> 
> Packet log: input DENY eth0 PROTO=6 216.103.219.35:17956 216.15.108.184:111 L=40 S=0x00 I=3466 F=0x0000 T=108 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 202.66.169.18:4439 216.15.108.184:515 L=60 S=0x00 I=43201 F=0x4000 T=47 SYN (#10)
> Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18430 F=0x0000 T=114 (#10)
> Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18686 F=0x0000 T=114 (#10)
> Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18942 F=0x0000 T=114 (#10)
> Packet log: input DENY eth0 PROTO=6 210.101.105.16:3546 216.15.108.184:111 L=60 S=0x00 I=13241 F=0x4000 T=47 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57801 F=0x4000 T=110 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57847 F=0x4000 T=110 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57880 F=0x4000 T=110 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 209.10.200.83:2151 216.15.108.184:111 L=60 S=0x00 I=14138 F=0x4000 T=56 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 210.178.232.1:4935 216.15.108.184:111 L=60 S=0x00 I=38311 F=0x4000 T=41 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 64.65.56.45:1274 216.15.108.184:515 L=60 S=0x00 I=146 F=0x4000 T=46 SYN (#10)
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
John Patton                      patton66@home.com

"Doubt is not a pleasant condition, but certainty is absurd."
- Voltaire [Francois Marie Arouet] (1694-1778)

Reply to:

References:
- Am I being attacked?
  - From: bruce@perens.com (Bruce Perens)

Prev by Date: Re: locatedb question
Next by Date: Sendmail newbie question
Previous by thread: Re: Am I being attacked?
Next by thread: locatedb question
Index(es):
- Date
- Thread