> > The following is a third of my logfile. Is this not normal for you
> > folks? Why do so many people get so worried when something shows up.
>
> Why? Well, just read what I added to almost all your submitted port
> attacks. Sorry to say this, but this is ignorance. You are being probed
> from all sides by trojans, and you don't realise it.
I asked if it was normal and I asked why people get so worried. What I meant
by the second part that I probably didn't explain as well as I could have was
why people worry so much if they have their firewalls set up to block those
ports. Asking the question I asked in itself implies that I don't know
something and I'm trying to find out. Whether or not you are a newbie to
Linux like myself or an expert I don't know. From the information you gave me
I'd expect you are someone quite knowledgeable about Linux. If this is true,
then help me by all means, but it would brighten my day no end if you would
desist with the use of the word 'ignorance'.
> These aren't script-kiddies, but documented trojans, probably most are
> from Windows, but like the one I had... Redhat Linux. It's not normal
> for people to try ftp into you, or fetch mail from your server... but
> look at the list of trojans... there are many for those 2 ports.
With the firewall set up and blocking those ports (I certainly hope it is)
aren't I just getting a logfile full of attempted probes?
> > From my DI-704P Ethernet Broadband Routers Log:
> port 137 = (UDP) - Bugbear, Msinit, Opaserv, Qaz
> port 1433 = Voyager Alpha Force
> port 1524 = Trinoo
> port 21 = ADM worm, Back Construction, Blade Runner, BlueFire, Bmail,
> Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan,
> FreddyK, Invisible FTP, KWM, MscanWorm, NerTe, NokNok,
> Pinochet, Ramen, Reverse Trojan, RTB 666, The Flu, WinCrash,
> Voyager Alpha Force
> port 22 = InCommand, Shaft, Skun
> port 25 = Antigen, Barok, BSE, Email Password Sender, Gip, Laocoon,
> Magic Horse, MBT, Moscow Email trojan, Nimda, Shtirlitz,
> Stukach, Tapiras, WinPC
> port 3128 = Reverse WWW Tunnel Backdoor, RingZero
> port 3389 = <nothing I can find>
> port 443 = Slapper
> port 445 = Nimda
> port 515 = MscanWorm, Ramen
> port 6346 = <nothing I can find, I believe it's the giFT port>
> Just thought I would let you know ;-) Let's just hope you have the
> non-logged ports closed ;-)
I know I'm about to open up a can of worms here, but can we not let it get out
of control, people. OK, here goes. Is there a 'decent' online security site
that could check my ports? Properly?
--
Regards
Trevor Rhodes
===========================================
Powered by Linux - Mandrake 9.0
Registered Linux user # 290542 at http://counter.li.org
Registered Machine #'s 186951,
Source : my 100 % Microsoft-free personal computer.
===========================================
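
Added example, not part of the original message: a local check that complements the router log by listing which of the probed TCP ports actually have a service listening on a Linux host. It reads `/proc/net/tcp`; the sample table, the function names and the little-endian (x86) address decoding are assumptions of this example.

```python
import socket
import struct

# TCP ports from the router log quoted in the thread (137 is listed there as UDP).
PROBED_TCP_PORTS = {21, 22, 25, 443, 445, 515, 1433, 1524, 3128, 3389, 6346}
TCP_LISTEN = "0A"  # socket state code used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (columns after "st" trimmed).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:0019 00000000:0000 0A
   2: 00000000:0203 00000000:0000 0A
   3: 00000000:1770 00000000:0000 0A
   4: 0A00A8C0:0016 0500A8C0:C350 01
"""

def parse_listeners(text):
    """Return {(ip, port)} for IPv4 TCP sockets in LISTEN state."""
    listeners = set()
    for line in text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Address is a native-endian 32-bit value; "<I" assumes x86 (little-endian).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.add((ip, int(hex_port, 16)))
    return listeners

def exposed_probed_ports(text, probed=PROBED_TCP_PORTS):
    """Probed ports that have a listener bound to a non-loopback address."""
    return sorted({port for ip, port in parse_listeners(text)
                   if port in probed and not ip.startswith("127.")})

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # not on Linux: fall back to the constructed sample
    for port in exposed_probed_ports(table):
        print(f"tcp/{port}: probed in the log and listening on this host")
```

A port reported here is only reachable from outside if the router forwards it; a port bound to 127.0.0.1 (the mail listener in the sample) is not reported at all.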