Re: [Confirme] lire les logs iptables

deny Fri, 12 Sep 2003 03:59:10 -0700

bonjour
j'ai configure fwlogwatch , merci a alex pour l'adresse
et maintenant j'ai recupere mes logs et la je suis perplexe

j'ai des scans vers des ports que je ne trouve meme pas dans /etc/services
il y a t'il des trucs qui craignent dans ce report ?

9	sep 12 12:09:30	00:00:01:41	tcp	24.218.226.241	2333	81.56.190.19	3836
6	sep 12 12:32:33	00:00:01:34	tcp	212.27.35.7	80	81.56.190.19	1657
4	sep 12 11:58:38	00:00:06:00	tcp	35.11.149.102	2619	81.56.190.19	2244
4	sep 12 12:10:05	00:00:08:00	tcp	35.11.149.102	2619	81.56.190.19	3954
4	sep 12 12:28:16	00:00:06:00	tcp	35.11.149.102	2619	81.56.190.19	4100
4	sep 12 12:32:42	00:00:00:21	tcp	212.27.35.2	80	81.56.190.19	1936
3	sep 12 12:07:19	-	tcp	212.27.35.2	80	81.56.190.19	1349
3	sep 12 12:11:23	00:00:04:00	tcp	35.11.149.102	2619	81.56.190.19	4004
3	sep 12 12:46:07	-	tcp	212.27.35.2	80	81.56.190.19	1275
2	sep 12 11:57:05	00:00:02:00	tcp	198.110.99.117	2212	81.56.190.19	2339
2	sep 12 11:57:27	00:00:00:03	tcp	81.56.80.21	4677	81.56.190.19	135
2	sep 12 11:58:56	00:00:00:03	tcp	81.56.123.146	2345	81.56.190.19	445
2	sep 12 12:00:04	00:00:00:03	tcp	81.56.123.146	2848	81.56.190.19	445
2	sep 12 12:00:16	00:00:00:03	tcp	81.56.165.216	4634	81.56.190.19	135
2	sep 12 12:03:08	00:00:00:03	tcp	81.56.209.98	1739	81.56.190.19	445
2	sep 12 12:05:08	00:00:02:00	tcp	198.110.99.117	2212	81.56.190.19	3914
2	sep 12 12:09:19	00:00:00:03	tcp	81.56.174.160	4972	81.56.190.19	135
2	sep 12 12:17:56	00:00:00:03	tcp	81.56.170.95	3551	81.56.190.19	135
2	sep 12 12:30:40	00:00:02:00	tcp	35.11.149.102	2619	81.56.190.19	4131
2	sep 12 12:36:02	00:00:00:06	tcp	81.56.188.97	3417	81.56.190.19	135
2	sep 12 12:40:17	00:00:00:03	tcp	81.56.27.129	2964	81.56.190.19	445
2	sep 12 12:41:52	00:00:00:03	tcp	81.48.20.184	1099	81.56.190.19	135
2	sep 12 12:43:34	00:00:00:03	tcp	81.56.97.165	3715	81.56.190.19	135
2	sep 12 12:44:49	00:00:00:03	tcp	82.65.107.250	4869	81.56.190.19	135
1	sep 12 11:56:04	-	tcp	35.11.149.102	2619	81.56.190.19	3832
1	sep 12 11:57:04	-	tcp	172.151.175.128	2498	81.56.190.19	2292
1	sep 12 11:58:08	-	icmp	81.56.210.251	8	81.56.190.19	0
1	sep 12 12:01:14	-	udp	218.71.75.187	7945	81.56.190.19	137
1	sep 12 12:02:15	-	tcp	81.36.201.167	3485	81.56.190.19	135
1	sep 12 12:04:05	-	udp	220.106.146.79	56597	81.56.190.19	137
1	sep 12 12:05:03	-	icmp	81.59.49.9	8	81.56.190.19	0
1	sep 12 12:06:40	-	tcp	81.56.26.165	4030	81.56.190.19	135
1	sep 12 12:09:21	-	tcp	213.228.0.141	110	81.56.190.19	4027
1	sep 12 12:11:31	-	icmp	81.59.77.121	8	81.56.190.19	0
1	sep 12 12:12:30	-	tcp	81.35.178.86	3189	81.56.190.19	135
1	sep 12 12:12:51	-	tcp	81.56.108.72	2277	81.56.190.19	135
1	sep 12 12:14:29	-	udp	80.46.157.181	1026	81.56.190.19	137
1	sep 12 12:15:39	-	tcp	81.33.79.133	2009	81.56.190.19	135
1	sep 12 12:16:44	-	icmp	81.59.116.163	8	81.56.190.19	0
1	sep 12 12:18:03	-	tcp	66.220.17.151	80	81.56.190.19	1386
1	sep 12 12:19:48	-	tcp	202.156.50.231	3398	81.56.190.19	4103
1	sep 12 12:23:44	-	icmp	81.57.34.167	8	81.56.190.19	0
1	sep 12 12:24:36	-	icmp	81.57.0.71	8	81.56.190.19	0
1	sep 12 12:26:47	-	tcp	81.56.191.157	1955	81.56.190.19	135
1	sep 12 12:27:36	-	tcp	81.34.72.7	4094	81.56.190.19	135
1	sep 12 12:28:02	-	icmp	81.53.13.87	8	81.56.190.19	0
1	sep 12 12:30:46	-	tcp	81.32.34.6	2366	81.56.190.19	135
1	sep 12 12:30:58	-	icmp	81.57.18.116	8	81.56.190.19	0
1	sep 12 12:31:44	-	tcp	82.64.59.225	1025	81.56.190.19	1893
1	sep 12 12:33:11	-	icmp	81.59.67.17	8	81.56.190.19	0
1	sep 12 12:35:44	-	tcp	172.189.233.71	1421	81.56.190.19	4171
1	sep 12 12:36:45	-	icmp	81.58.28.206	8	81.56.190.19	0
1	sep 12 12:39:19	-	tcp	81.34.226.117	3601	81.56.190.19	135
1	sep 12 12:41:49	-	icmp	81.57.129.192	8	81.56.190.19	0
1	sep 12 12:45:09	-	tcp	82.64.59.225	1025	81.56.190.19	1464

Re: [Confirme] lire les logs iptables

Répondre à