Dave Evans wrote: > On Thu, May 14, 2009 at 02:35:45PM +0800, W B Hacker wrote: >> But p0f has turned up something I had not expected - port 25 entirely aside, >> nearly 80% of the break-in attempts are coming off Linux boxen and mostly to >> port 22, very few from WinBoxen - on any port. >> >> Looks to me as if Linux has indeed won 'market share' - but not where we >> might >> have most wished it to have appeared.... > > Makes sense - box A attacking box B via ssh probably means that box A has > already been compromised by that same attack vector. i.e. attack vectors > tell you more about the attacker than the would-be victim. > >
I'd actually prefer to think the attacks were the deliberate action of a malevolent intelligence - sitting at the console, even - than to think that Linux was that frequently compromised. A closer inspection of a 9+ hour run shows that it may not be ... - Several instances of ONE IP, but walking the tree of originating ports This will take out a whole 'tribe' of those... ipfw add 00614 deny ip from 221.0.0.0/8 to any Nice thing about Irish Alzheimer's... - I don't *remember* knowing anyone in Hebei Province, PRC anyway.... ;-) Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
