Interesting observations in the logs.  

When the SSH zlib problem came up, I had lots of port 22 entries in the
logs for a while.  

Until Monday I had not been nmaped port scanned in a long long time.  It
appears like the hackers like to use class C range scans on one port.  I
have two Dachstein firewalls on @cox network.  I see the same IP
addresses hitting on port, say, 21 about one hour and a half apart from
each other. Both firewalls use the same time server to keep the clocks
maintained.  

When the privilege escalation OpenSSH problem was announced there were
no new port 22 scans noted.  In fact I had 11 port scans for port 21
over two days on July 1 and 2.  That was out of 16 logged.  July 3 is a
pre-holiday day and the Deny messages are light. I finally have 4 port
22 denies, and 2 port 21 denies out of 8 denies logged.

Greg Morgan

