Any chance it could be a Ramen worm trying to spread?? >-----Original Message----- >From: Todd Lyons [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, July 31, 2002 8:40 PM >To: [EMAIL PROTECTED] >Subject: Re: [expert] Snort portscan log > >Bill wrote on Mon, Jul 29, 2002 at 07:57:30PM -0700 : >> I finally installed snort and I just got this in my portscan log file. >> Jul 29 19:25:46 211.172.121.210:3155 -> 66.47.48.54:515 SYN ******S* >> Jul 29 19:25:47 211.172.121.210:3643 -> 66.47.48.54:113 SYN ******S* >> Jul 29 19:25:48 211.172.121.210:3644 -> 66.47.48.54:23 SYN ******S* >> Jul 29 19:25:46 211.172.121.210:3152 -> 66.47.48.51:515 SYN ******S* >> Jul 29 19:25:49 211.172.121.210:3645 -> 66.47.48.51:113 SYN ******S* >> Jul 29 19:25:50 211.172.121.210:3646 -> 66.47.48.51:23 SYN ******S* >> Does this meen someone is looking for a hole ? > >Yes. Looking for lpd, identd, and telnetd (in that order). Basically >they're looking for an older box still running old versions of those >programs (RedHat 6.x, Mandrake 6.x, Slack, Debian, Turbo, whatever, >anything running old versions of those programs). > >Blue skies... Todd >-- > Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ >UNIX was not designed to stop you from doing stupid things, because > that would also stop you from doing clever things. -- Doug Gwyn > Cooker Version mandrake-release-9.0-0.2mdk Kernel 2.4.18-21mdk
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
