Complete.Org: Mailing Lists: Archives: linux-help: August 2004:
[linux-help] Re: Port 18593 attacks
Home

[linux-help] Re: Port 18593 attacks

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Port 18593 attacks
From: Michael Osten <lists@xxxxxxxxxxxx>
Date: Sat, 7 Aug 2004 23:32:09 -0500
Reply-to: linux-help@xxxxxxxxx

On Aug 7, 2004, at 8:46 PM, bbales wrote:

>> My advice..
>>
>> Make sure you machine is up to date with patches and don't worry about
>> port scans, you'll lose too much sleep.
>>
> Probably pretty good advice.  But it screws up the Frazierwall report 
> as the
> firewall can't seem to keep up with it.  The log gets up to around 
> 150KB and
> drops the earliest hits.
>
> I shut the modem and firewall down for over 24 hours and switched the 
> eth0
> board.  Now I am no longer getting hits on TCP port 18395.  They are 
> UDP on
> port 2849.  196 in the first 90 minutes.  Quite obviously, something 
> is going
> on that I don't understand.
> bruce
>

Well, is there any way to turn off reporting?  So what happens if you 
telnet to port 18395? or nmap the box?  No one is coming in if there is 
no door.  I guess what I'm saying is that you are probably getting 
false or overzealous  reports from your firewall, and that they are 
really nothing to lose sleep about.


-- Attached file included as plaintext by Ecartis --
-- File: PGP.sig
-- Desc: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBFazJ+siimnI2HPURAm3kAJ4xpiC5ss0kdPrKwH7obrMsmmLePACfQm81
abNgAirU3vSF02RY/RnDwsQ=
=hIgo
-----END PGP SIGNATURE-----


-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi


[Prev in Thread] Current Thread [Next in Thread]