Pozdrav!
Ko smo že pri tem pa sem dans v logih zasledil še nekaj - po inštalaciji port
sentry-ja:
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Aug 13 18:01:34 MAJA portsentry[8366]: attackalert: Possible stealth scan from
+unknown host to TCP port: 109 (accept failed)
Aug 13 18:07:36 MAJA portsentry[8366]: attackalert: Connect from host:
+pc1.eotvos-misk.sulinet.hu/195.199.18.65 to TCP port: 109
Aug 13 18:07:36 MAJA portsentry[8366]: attackalert: Host 195.199.18.65 has been
+blocked via wrappers with string: "ALL: 195.199.18.65"
Aug 13 18:07:37 MAJA portsentry[8366]: attackalert: Host 195.199.18.65 has been
+blocked via dropped route using command: "/sbin/route add -host 195.199.18.65
+reject"
Emm port 109 je pop2 port - wtf ?? In osebek, ki se je povezoval nima kaj
iskati na moji mašini, sem obiskal ta dolocen naslov na netu in našel apache
server in wu.ftpd na (baje redhat mašini), ob tem času (18:01 se meni normalno
pobere pošta z arnesa, kissa, lenina in slo.net-a, noben od njih ni na
madžarskem :) in noben ne uporablja pop2 protokola.
Če je to spet portscan potem nekdo očitno skenira celotno Arnes-ovo domeno,
kajti ce imam dinamičen IP je verjetnost da me zasledi verjetno minimalna?
Spet enako vprašanje: kaj naj storim?
Vnaprej hvala!
Boštjan
--
Boštjan Müller [NEONATUS], [EMAIL PROTECTED], http://surf.to/NEONATUS
ICQ #:7506644, For my PGP key finger: [EMAIL PROTECTED]
RSA id: 0x90178DBD, Powered by S.u.S.E. Linux 6.0.
A professor is one who talks in someone else's sleep.
