Your firewall blocked a TCP connection from 200.42.123.197
(a200042123197.rev.prima.com.ar) on port 3539 to your system
(66.30.88.130) on port 12345, which is the default Netbus port. It's a
very common port to be scanned, along with ports like 0, 65535, 31337,
etc.
To make sure that you are protected, I would recommend running Nessus
against your system, making sure it is locked down, running hostsentry,
things like that. If you're *really* interested in what they are trying
to do, there are fake trojan programs that you can run (FakeBO and
FakeNB) that will allow them to connect and do keystroke capture, etc.
It's pretty fun to watch IRT.
C-Ya,
Kenny
Charles Farinella wrote:
>
> Can someone explain what this means? I assume they are attempting to
> access my computer, but am curious to just what it is they are
> attempting, and what I need to know to make sure I am protected.
>
> Feb 24 23:15:20 farinella kernel: Packet log: input DENY eth0 PROTO=6
> 200.42.123.197:3539 66.30.88.130:12345 L
> =48 S=0x00 I=2994 F=0x4000 T=108 SYN (#23)
> Feb 24 23:15:22 farinella kernel: Packet log: input DENY eth0 PROTO=6
> 200.42.123.197:3539 66.30.88.130:12345 L
> =48 S=0x00 I=3298 F=0x4000 T=108 SYN (#23)
> Feb 24 23:15:27 farinella kernel: Packet log: input DENY eth0 PROTO=6
> 200.42.123.197:3539 66.30.88.130:12345 L
> =48 S=0x00 I=3993 F=0x4000 T=108 SYN (#23)
>
> --charlie
>
> --
> Charles Farinella
> [EMAIL PROTECTED]
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
