>>>>> "tack" == tack <[EMAIL PROTECTED]> writes:
tack> welcome to my world. the ports I see most often are 80
Hi. I've been getting a lot attempts to connect to 80 too, from lots
of machines. Naive young fool that I am, I assumed these were
innocent. Why someone would think I am running a web server and would
be interested to browse my pages, I can't say. I assumed they were
innocent because they did not attempt to connect to any other ports.
Do you think it's a good idea to assume these are malicious and add
the IP's to my iptables bastard list that denies all access now and
forever?
On a side note, I found out you could get the domain name with the
'host' command. The 'distributed scans' I referred to earlier were
coming from a bunch of machines:
esupport-sd10.websys.aol.com
esupport-sd11.websys.aol.comq
esupport-sd14.websys.aol.com
Anyone know if websys is this AOL's cable modem service? The other
handy tool to find out an IP is traceroute, which will give you all
the machines on the way to the destination. Thanks, *Hacking Linux
Exposed*.
Thanks,
JDH
