I was actually quite surprised after setting up the firewall how many attacks there actually were. An hour between attacks is a rare occurrence - unless they aren't attacks and are just spurious traffic on the internet.
I'm running shorewall under Debian, which seems secure enough to me, although I did recently upgrade to unstable, which could be dangerous...
From: Christopher Sawtell <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Attacks noticed.
Date: Thu, 31 Jul 2003 14:32:46 +1200
On Thu, 31 Jul 2003 11:51, you wrote:
> On Thu, Jul 31, 2003 at 11:19:16AM +1200, Christopher Sawtell wrote:
> > I have noticed many attempts to connect to the secure port ( 445 )
>
> By "secure", I assume you're talking about the well-known HTTPS/SSL
> port--which is actually port 443.
>
> Port 445 is Microsoft-DS, which is mostly used for SMB/CIFS-over-IP.
>
> > used by IPCop and Smoothwall. Also my squid cache has been compromised
> > in some way resulting in a denial of service if the squid daemon is
> > active.
>
> Can you elaborate on this?
Yes, the IPCop suddenly started to refuse to allow outgoing traffic on Port
80. I first established that there was sufficient log space on the disk, and
rebooted, yes, yes, I know one isn't supposed to do that on our favourite
o/s but it does sometimes clear problems nonetheless. That was last night,
so I went to bed earlier than sometimes and came back to it this morning
more seriously. Had a very quick look at the logs and saw that there were a
number of packets which were aimed at port 445. Not being a M$softie, I
thought this seemed odd, so I thought that others might like to know about
it. I'm now going to upgrade the IPCop to 1.3, but in order to do so I have
to fit a larger disk, so will be off the 'Net while I do that.
-- Sincerely etc., Christopher Sawtell
