[aclug-L] Why you want a firewall
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
My girlfriend was online surfing the other day; I got home and saw
the following in the firewall log:
(Legend)
x: ! means denied
Date/time: duh
srcp: source port
destp: destination port (on my box)
prot: protocol
src ip: source IP
x Date/time srcp destp prot src ip
! Feb 1 16:03:32 50612 -> domain /udp/ 209.10.67.149
! Feb 1 16:03:38 26896 -> echo /tcp/ 209.10.67.149
! Feb 1 16:03:42 27394 -> gopher /tcp/ 209.10.67.149
! Feb 1 16:03:42 27666 -> nntp /tcp/ 209.10.67.149
! Feb 1 16:03:42 26662 -> pop-3 /tcp/ 209.10.67.149
! Feb 1 16:03:43 27265 -> smtp /tcp/ 209.10.67.149
! Feb 1 16:03:44 26896 -> echo /tcp/ 209.10.67.149
! Feb 1 16:03:45 27534 -> time /tcp/ 209.10.67.149
! Feb 1 16:03:48 27555 -> www /tcp/ 209.10.67.149
! Feb 1 16:03:49 27394 -> gopher /tcp/ 209.10.67.149
! Feb 1 16:03:52 27666 -> nntp /tcp/ 209.10.67.149
! Feb 1 16:03:53 26662 -> pop-3 /tcp/ 209.10.67.149
! Feb 1 16:03:54 27737 -> imap2 /tcp/ 209.10.67.149
! Feb 1 16:03:55 27265 -> smtp /tcp/ 209.10.67.149
! Feb 1 16:03:55 27534 -> time /tcp/ 209.10.67.149
! Feb 1 16:03:58 50603 -> 161 /udp/ 209.10.67.149
! Feb 1 16:03:59 27555 -> www /tcp/ 209.10.67.149
! Feb 1 16:04:08 27737 -> imap2 /tcp/ 209.10.67.149
! Feb 1 16:04:09 26896 -> echo /tcp/ 209.10.67.149
! Feb 1 16:04:16 27394 -> gopher /tcp/ 209.10.67.149
! Feb 1 16:04:16 27666 -> nntp /tcp/ 209.10.67.149
! Feb 1 16:04:23 26662 -> pop-3 /tcp/ 209.10.67.149
! Feb 1 16:04:26 27265 -> smtp /tcp/ 209.10.67.149
! Feb 1 16:04:27 27534 -> time /tcp/ 209.10.67.149
! Feb 1 16:04:33 27555 -> www /tcp/ 209.10.67.149
! Feb 1 16:04:40 27737 -> imap2 /tcp/ 209.10.67.149
! Feb 1 16:04:56 26896 -> echo /tcp/ 209.10.67.149
! Feb 1 16:04:58 27394 -> gopher /tcp/ 209.10.67.149
! Feb 1 16:04:58 27666 -> nntp /tcp/ 209.10.67.149
! Feb 1 16:05:04 26662 -> pop-3 /tcp/ 209.10.67.149
! Feb 1 16:05:06 28322 -> smtp /tcp/ 209.10.67.149
A bit more interesting than the random ftp attempt or webtv cruft.
Smells very much like an nmap scan for vulnerable services. How
many of you provide these services (email, web)? Are they recent
versions? Do you need to be providing them to th entire world, or
can you specify who should access them?
If you don't have a firewall up, you should -- particularly if
you're on a cablemodem.
-jeff
--
The CDC are reporting a record outbreak of illness as the flu sweeps the
country. What are the effects of the recent epidemic?
16%: Offices forced to operate with 2/3 of the workers, cutting output by as
much as two percent. http://theonion.com/onion3601/infograph_3601.html
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [aclug-L] Why you want a firewall,
Jeff <=
|
|