[linux-help] Re: Port 18593 attacks

[Michael Osten <lists@xxxxxxxxxxxx>]

On Aug 7, 2004, at 8:46 PM, bbales wrote:

>> My advice..
>>
>> Make sure you machine is up to date with patches and don't worry about
>> port scans, you'll lose too much sleep.
>>
> Probably pretty good advice.  But it screws up the Frazierwall report 
> as the
> firewall can't seem to keep up with it.  The log gets up to around 
> 150KB and
> drops the earliest hits.
>
> I shut the modem and firewall down for over 24 hours and switched the 
> eth0
> board.  Now I am no longer getting hits on TCP port 18395.  They are 
> UDP on
> port 2849.  196 in the first 90 minutes.  Quite obviously, something 
> is going
> on that I don't understand.
> bruce
>

Well, is there any way to turn off reporting?  So what happens if you 
telnet to port 18395? or nmap the box?  No one is coming in if there is 
no door.  I guess what I'm saying is that you are probably getting 
false or overzealous  reports from your firewall, and that they are 
really nothing to lose sleep about.


-- Attached file included as plaintext by Ecartis --
-- File: PGP.sig
-- Desc: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBFazJ+siimnI2HPURAm3kAJ4xpiC5ss0kdPrKwH7obrMsmmLePACfQm81
abNgAirU3vSF02RY/RnDwsQ=
=hIgo
-----END PGP SIGNATURE-----


-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi