Complete.Org: Mailing Lists: Archives: discussion: February 2000:
[aclug-L] Why you want a firewall

[aclug-L] Why you want a firewall

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	aclug-L@xxxxxxxxxxxx
Subject:	[aclug-L] Why you want a firewall
From:	Jeff <schaller@xxxxxxxxxxxxx>
Date:	Thu, 3 Feb 2000 09:05:46 -0600 (CST)
Reply-to:	aclug-L@xxxxxxxxxxxx

My girlfriend was online surfing the other day; I got home and saw
the following in the firewall log:

(Legend)
x: ! means denied
Date/time: duh
srcp: source port
destp: destination port (on my box)
prot: protocol
src ip: source IP

x  Date/time       srcp     destp   prot   src ip
! Feb  1 16:03:32  50612 -> domain  /udp/ 209.10.67.149
! Feb  1 16:03:38  26896 -> echo    /tcp/ 209.10.67.149
! Feb  1 16:03:42  27394 -> gopher  /tcp/ 209.10.67.149
! Feb  1 16:03:42  27666 -> nntp    /tcp/ 209.10.67.149
! Feb  1 16:03:42  26662 -> pop-3   /tcp/ 209.10.67.149
! Feb  1 16:03:43  27265 -> smtp    /tcp/ 209.10.67.149
! Feb  1 16:03:44  26896 -> echo    /tcp/ 209.10.67.149
! Feb  1 16:03:45  27534 -> time    /tcp/ 209.10.67.149
! Feb  1 16:03:48  27555 -> www     /tcp/ 209.10.67.149
! Feb  1 16:03:49  27394 -> gopher  /tcp/ 209.10.67.149
! Feb  1 16:03:52  27666 -> nntp    /tcp/ 209.10.67.149
! Feb  1 16:03:53  26662 -> pop-3   /tcp/ 209.10.67.149
! Feb  1 16:03:54  27737 -> imap2   /tcp/ 209.10.67.149
! Feb  1 16:03:55  27265 -> smtp    /tcp/ 209.10.67.149
! Feb  1 16:03:55  27534 -> time    /tcp/ 209.10.67.149
! Feb  1 16:03:58  50603 -> 161     /udp/ 209.10.67.149
! Feb  1 16:03:59  27555 -> www     /tcp/ 209.10.67.149
! Feb  1 16:04:08  27737 -> imap2   /tcp/ 209.10.67.149
! Feb  1 16:04:09  26896 -> echo    /tcp/ 209.10.67.149
! Feb  1 16:04:16  27394 -> gopher  /tcp/ 209.10.67.149
! Feb  1 16:04:16  27666 -> nntp    /tcp/ 209.10.67.149
! Feb  1 16:04:23  26662 -> pop-3   /tcp/ 209.10.67.149
! Feb  1 16:04:26  27265 -> smtp    /tcp/ 209.10.67.149
! Feb  1 16:04:27  27534 -> time    /tcp/ 209.10.67.149
! Feb  1 16:04:33  27555 -> www     /tcp/ 209.10.67.149
! Feb  1 16:04:40  27737 -> imap2   /tcp/ 209.10.67.149
! Feb  1 16:04:56  26896 -> echo    /tcp/ 209.10.67.149
! Feb  1 16:04:58  27394 -> gopher  /tcp/ 209.10.67.149
! Feb  1 16:04:58  27666 -> nntp    /tcp/ 209.10.67.149
! Feb  1 16:05:04  26662 -> pop-3   /tcp/ 209.10.67.149
! Feb  1 16:05:06  28322 -> smtp    /tcp/ 209.10.67.149

A bit more interesting than the random ftp attempt or webtv cruft.
Smells very much like an nmap scan for vulnerable services. How
many of you provide these services (email, web)? Are they recent
versions? Do you need to be providing them to th entire world, or
can you specify who should access them?

If you don't have a firewall up, you should -- particularly if
you're on a cablemodem.

-jeff
-- 
The CDC are reporting a record outbreak of illness as the flu sweeps the
country. What are the effects of the recent epidemic?
16%: Offices forced to operate with 2/3 of the workers, cutting output by as
much as two percent. http://theonion.com/onion3601/infograph_3601.html

[Prev in Thread]

Current Thread

[Next in Thread]

[aclug-L] Why you want a firewall, Jeff <=

Prev by Date: [aclug-L] Re: Simple C question (which shows my C ignorance)
Next by Date: [aclug-L] Priting CD labels under Linux??
Previous by thread: [aclug-L] Simple C question (which shows my C ignorance)
Next by thread: [aclug-L] Priting CD labels under Linux??
Index(es):
- Date
- Thread