Alvin Oga wrote:
hi ya "quadpolar" :-) On Thu, 27 May 2004, tripolar wrote:I dont think so- The only thing I know of is firestarter (firewall). I received some more messages the same except this time ports 1234 ( service subseven) but going to a different outside IP.post your logs (unedited, except for ip# ) you are reading/interpretting - you don't care that 100's of script kiddies are trying to make 1000's of attempts to get into your pc- consider it a free audit of your systems- if they got in ... you've got a serious, but solvable major problem
What logs? here are a few lines from "hit" listtime:May 27 21:22:29 in: out:eth1 port:12345 source:192.168.1.1 dest:81.53.*.* len:44 tos:0x00 protocol:tcp service:netbus time:May 27 22:10:38 in: out:eth1 port:1234 source:192.168.1.1 dest:63.207.*.* len:40 tos:0x00 protocol:tcp service:subseven
what is the output of "netstat -nv"
netstat -nv only brought up two addresses- my isps mail servers
I had had many ports forwarded from hardware firewall/router (HFR) to debian-sid machine because of certain programs ( which I have since shut down )and then I removed all port forwarding rules from HFR to debian pc. I will just keep an eye out on the hit list.- you are looking for foreign address on whacky ports that have established connections to your local pc - if you cannot explain any of the those outside machines connected to your pc... you've probably need to get comments from the list "what does this line mean" c yaalvin
Thanks