Speaking of snort - I just installed it and I can't quite figure out the reports it sends, it seems to think that I am being attacked quite frequently, when I recognize some of those addresses as being valid addresses which connect to my box. What is up with that?
The log begins from: Nov 07 00:05:03
The log ends at: Nov 07 23:59:55

The number of attack from same host to same destination using same method
=========================================================================
attacks                       to               from
=========================================================================
     31  Source Port traffic  216.162.197.233  ns1.hisite.com
     25  Source Port traffic  216.162.197.233  mtl.bb4.com
     21  SMB Name Wildcard    216.162.197.233  cs310-42.spmodem.washingto
     14  Source Port traffic  216.162.197.233  ns.CNRI.Reston.VA.US
      6  Source Port traffic  216.162.197.233  ns-102.iap.bryant.webtv.ne
      5  Source Port traffic  216.162.197.233  ns-101.iap.bryant.webtv.ne
      5  Source Port traffic  216.162.197.233  m0002.ip3000.com
      4  Source Port traffic  216.162.197.233  resolver1.Seattle1.Level3.
      4  Source Port traffic  216.162.197.233  ns1.uswest.net
      3  Source Port traffic  216.162.197.233  NYU.EDU
      3  Source Port traffic  216.162.197.233  com1.runshaw.ac.uk
      3  Source Port traffic  216.162.197.233  ns2.net.ohio-state.edu
      3  SMB Name Wildcard    216.162.197.233  12.0.40.191
      3  Source Port traffic  216.162.197.233  uswest-dsl-136-186.cortlan
      3  Source Port traffic  216.162.197.233  ns2.spl.org
      3  SMB Name Wildcard    216.162.197.233  ganges1.responsys.com
      2  Source Port traffic  216.162.197.233  lists.tao.ca
      2  Source Port traffic  216.162.197.233  dname1.wolfe.net
      2  Source Port traffic  216.162.197.233  macaws95.metawire.com
      2  Source Port traffic  216.162.197.233  si4001.inktomi.com
      2  Source Port traffic  216.162.197.233  bsg-ma-cache2.icg.net

On Wed, 08 Nov 2000, Helmut Springer wrote:

> On Tue 2000-11-07 (15:49), Jean-François JOLY wrote:
> > Those FireWalls *are* secure today but as I managed many FireWalls
> > and don't have time to upgrade them to the latest software more
> > than once a year, I'm quite afraid of new holes being found in
> bad. a not administrated firewall becomes insecure, there is no way
> to deal with this than administrating it.
>
> > Tonight, snort reported me someone from Malaysia portscanned my
> > subnet and then tried to exploit a bug in ProFTPD. Happily, the
> most attacks against the different ftpds I see are direct hit
> attempts, the attacker does not portscan, he just attacks whole
> subnets if kind of 'brute forcing'.
>
> --
> MfG/best regards, helmut springer
> [EMAIL PROTECTED]
>
> Life is a bitch and then you die.

