I don't know what it is... phase of the moon? ...
but my security logs are logging more attacks and
probes than ever before.
Granted, right now the Red Worm is running rampant,
but I've only been hit with that 16 times total since
it first appeared in the wild (day before yesterday?).
Most of the probes I've been getting are on ports 119,
21, 23, 111, 25, (nntp, ftp, telnet, rpc, smtp) more
or less in that order of occurence.
Anyway... I've been thinking that since I've got all
these great security tools, some of you might like to
have a port scan (nmap) and security check (nessus) to
see what your potential vulnerabilities might be.
This really doesn't need to concern DOS users much.
Most crackers are looking for machines they can use as
anonymity shields to then use for their really serious
cracking activities.
So if any of you Windows or Linux users would like
to see what ports are open on your machines and what
the ramifications of that might be, give a holler, and
I'll show you yourselves the way the cracker sees
you.
1) default nmap scan - sends SYN stealth packets to
ports 0-1024 and determines whether they're opened,
closed, or filtered. Nmap also can usually determine
OS type and version from this scan.
See http://www.insecure.org/nmap/
2) nmap, SYN stealth to ALL ports. More time consuming,
but also more complete. Some trojans use the high
"non-priveleged" ports which aren't generally checked.
3) nessus "enable all but dangerous" scan. This runs
all tests which are not capable of crashing any machine.
See http://www.nessus.org/intro.html
4) "Enable all" scan. This runs all tests. If your
machine is vulnerable to certain known exploits, this
test has the potential of crashing your machine...
(this mostly applies to Windows)
If you're on cable or DSL, I can run the scans any
time. Dial-up means we'd have to coordinate times.
Anyone interested?
- Steve
