Hi All,

I was contacted an hour or so ago by someone claiming that they are being port scanned by an IP used on one of our production Gentoo servers. The IP in question is only used to provide https and http for an osCommerce (PHP) shopping cart (although heavily modified and patched).

I must admit that although I am currently a Unix sysadmin at a small ISP, I’m still a novice in many ways, and thus I’m having trouble determining if this is actually happening. I tried running iptraf but saw no signs of suspicious traffic, but at that time scanning may well have stopped. I have snort and acid installed on the machine but have not been running it for some time since my superiors felt that it was wasting machine/mysql resources. Also, running chkrootkit yielded no positives.

Any advice regarding commands to run to check for portscans or worms etc. would be most welcome. I try to keep the Gentoo servers as up to date as possible, but I wouldn’t be surprised to learn of things I should do but never knew about.

Best Regards,
Jean Blignaut
- [gentoo-server] portscanning worm? Jean Blignaut
