I've tried tcpdump. However, this is a stealth syn attack. I used

#>tcpdump -u root -i any port 1080

I can watch the log files as portsentry continues to log the attempts, but tcpdump shows nothing. Any more ideas?

MKlinke wrote:
>
> On Saturday 16 August 2003 18:14, Robert Canary wrote:
> > I am getting continuously hit on port 1080. Nothing is happening
> > because the services (proxy) has been disabled, port sentry is seeing
> > the attack but it reports "unknown" as the attacker. Most all my
> > machines have seen this activity, but nothing like this one.
> >
> > It fills up the log files, causes the system to crunch the log file a
> > little more often than usual...other than that it is just a nuisance,
> > sort of like that fly buzzing around your head when you try to eat
> > dinner.
> >
> > I have tried to trap the IP address in ntop, but it isn't showing a
> > port 1080...
> >
> > Any ideas how to find the IP address...
> >
> > Malicious ideas are welcome as well :-)
>
> Robert,
>
> tcpdump dst port 1080
>
> should display any traffic destined for port 1080
>
> Regards, Mike Klinke
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/redhat-list
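
An added example, not part of the original thread: one way to turn a capture of traffic to port 1080 into a per-source count of bare SYNs, which is the "find the IP address" step asked about above. It assumes IPv4 and the text output format of current tcpdump releases run with `-nn`; the function name is hypothetical and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter

# Assumed capture command feeding this parser (run as root):
#   tcpdump -nn -l -i any \
#     'tcp dst port 1080 and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
# The parser re-checks port and flags, so an unfiltered capture also works.

# Matches "IP src.sport > dst.dport: Flags [..]" anywhere in the line, so the
# extra interface/direction columns printed with "-i any" are tolerated.
LINE_RE = re.compile(
    r"\bIP\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):\s+"
    r"Flags\s+\[(?P<flags>[^\]]*)\]"
)

def syn_sources(lines, port=1080):
    """Count bare SYN packets (SYN set, ACK clear) per source IP for one port."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != port:
            continue
        flags = m["flags"]
        # tcpdump prints "S" for SYN and "." for ACK; "S." is a SYN-ACK.
        if "S" in flags and "." not in flags:
            counts[m["src"]] += 1
    return counts

# Constructed sample input (not real traffic).
SAMPLE = [
    "18:14:02.100001 IP 203.0.113.7.40001 > 192.0.2.10.1080: Flags [S], seq 1000, win 1024, length 0",
    "18:14:02.100950 eth0  In  IP 203.0.113.7.40002 > 192.0.2.10.1080: Flags [S], seq 1001, win 1024, length 0",
    "18:14:03.200000 IP 198.51.100.23.51514 > 192.0.2.10.1080: Flags [S], seq 2000, win 512, length 0",
    "18:14:03.300000 IP 192.0.2.10.1080 > 203.0.113.7.40001: Flags [R.], seq 0, ack 1001, win 0, length 0",
    "18:14:04.000000 IP 198.51.100.23.51515 > 192.0.2.10.22: Flags [S], seq 3000, win 512, length 0",
    "18:14:05.000000 IP 203.0.113.7.40003 > 192.0.2.10.1080: Flags [.], ack 1, win 1024, length 0",
]

if __name__ == "__main__":
    for src, n in syn_sources(SAMPLE).most_common():
        print(f"{src}\t{n}")
```
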