--On Tuesday, September 18, 2001 11:07 AM -0700 Robert Schenk <grinnel99 at yahoo.com> wrote:
> In preparation for cable modem: NPF installed. I'm surprised at the > number of access attempts. I would like to know who is trying to spy. > > The numbers are in the NPF access log. Does anyone know the keystrokes > you enter. I'm familiar with typing in .net or .com, etc. A set of four > numbers I have not yet figured out. A Mac on the Web is actually pretty safe because it doesn't have very many ports open, and the ports it has open aren't the ones the script kiddies want. If you're running Mac OS 9.2 or earlier, you can make your Mac pretty much invisible to the Web by turning off Appleshare/IP file sharing. To do this, go to the file sharing control panel, and uncheck the box letting clients have TCP/IP access. Of course, as long as you don't permit guest access, nobody who's unauthorized can get in, whether or not it's checked. As for the numbers you're seeing, these are the IP addresses of the machines your firewall is logging. The names like erdos.math.louisville.edu are human readable names. The real names for the machines are the IP numbers. For example erdos.math.louisville.edu corresponds to 136.165.6.89 Think of one as a name and the other as a phone number. The domain name servers are the phone books. You can go back and forth with a program that has dig or nslookup capability. Two that come to mind are Interarchie and IPNetMonitor. I wouldn't spent a whole lot of time worrying about the script kiddies getting into your Mac. Almost all of the "warez" for cracking are aimed at Windows and Unix. I have several Macs and a Linux machine behind my cable modem, and I log all the attempts for all the machines on my Linux box. Over 95% of the attempts are trying well-known Windows exploits, and almost all the rest are attacks on Apache and sendmail on the Linux machine. As long as you're taking prudent precautions, they can't do anything to your Mac because they aren't even trying to attack Macs. -- Lee Larson, Mathematics Department, University of Louisville http://www.louisville.edu/~lmlars01 (502)852-6826 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2250 bytes Desc: not available Url : http://www.math.louisville.edu/pipermail/macgroup/attachments/20010919/357c02c7/attachment.bin
