I can telnet to the box of the person who has been doing the UDP 513
scanning for 6 weeks now (and of course it's a Red Hat box). I don't like
their continuous scanning, but realize for now they don't present a problem
at this port. Kind of like someone driving by our house every day for 6
weeks and just looking. The UDP 161 is new and frequent, so that made me
curious.

The "Connect from host: cable-15-14-237-24.anchorageak.net/24.237.14.15
to UDP port: 7
External command run for host: 24.237.14.15 using command: "24.237.14.51"
(Doesn't look entirely innocuous to me? I guess it's the "External
command" thingy)

Nov  4 03:26:09 home ipop3d[8471]: refused connect from
cable-15-14-237-24.anchorageak.net
(Is that considered a problem if it continues? That's the same UDP 7 guy)

I did have a hack attempt a couple of years back with a Sendmail exploit in
RH 5.0, so it has made me cautious.

I have logcheck, Portsentry, ippl (boy does that give out some data, but
I'll save that for another time :>)), and Tripwire running on my machine,
so it's not like I am "unprepared", mostly curious, as this is a 24/7
machine which someday may contain sensitive material but right now is
mostly a "test bed" of my own Linux curiosity and incompetence.

Our ISP is the Cable Provider and continues to pretend that
#1) Linux is for Geeks or extremely knowledgeable hackers, and
#2) Any home user will of course be using M$ or the few lunatic fringe
MAC holdouts.

The suggestions re: keeping an eye out on the "higher level" intrusion
entry points are good ones and I will keep them in mind. And using 'nmap'
to scan my own machine seems appropriate.

Thanks again for the continued input both on the List and to me directly.
I can remember last year or so this List seemed to have hundreds of
"Port Scan" dialogs, and it seems that it will always be a point of
contention. I enjoy a healthy constructive 'dialog'.

Thanks again

William Bouterse
Juneau, Alaska


Nov  4 03:26:09 home ipop3d[8471]: refused connect from
cable-15-14-237-24.anchorageak.net

Nov  3 22:21:34 home portsentry[873]: attackalert: Connect from host:
cable-15-14-237-24.anchorageak.net/24.237.14.15 to UDP port: 7
Nov  3 22:21:34 home portsentry[873]: attackalert: External command run
for host: 24.237.14.15 using command: "24.237.14.51"
Nov  3 22:21:34 home portsentry[873]: attackalert: Host 24.237.14.15 has
been blocked via wrappers with string: "ALL: 24.237.14.15"
Nov  3 22:21:34 home portsentry[873]: attackalert: Host 24.237.14.15 has
been blocked via dropped route using command: "/sbin/route add -host
24.237.14.15 gw 333.444.555.666"
Nov  3 22:21:34 home portsentry[873]: adminalert: ERROR: could not
accept incoming socket for UDP port: 7

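Added example, not part of the post and not portsentry's own code: a small Python parser for the syslog lines quoted above (copied here as a constructed sample, each event on one line). It groups the portsentry events per source IP, ties the ipop3d "refused connect" back to the same host through the name/IP pair portsentry logged, and lists the two oddities in the excerpt: the "External command" recorded for the host is a bare IP rather than an executable (in portsentry that string comes from the KILL_RUN_CMD setting, which is worth re-checking), and the adminalert ERROR means the daemon itself could not bind UDP 7. The field names and the regular expressions are this example's own assumptions about the log format.

```python
import re
from collections import defaultdict

# Constructed sample: the ipop3d and portsentry lines quoted in the post, joined onto single lines.
SAMPLE_LOG = """\
Nov  4 03:26:09 home ipop3d[8471]: refused connect from cable-15-14-237-24.anchorageak.net
Nov  3 22:21:34 home portsentry[873]: attackalert: Connect from host: cable-15-14-237-24.anchorageak.net/24.237.14.15 to UDP port: 7
Nov  3 22:21:34 home portsentry[873]: attackalert: External command run for host: 24.237.14.15 using command: "24.237.14.51"
Nov  3 22:21:34 home portsentry[873]: attackalert: Host 24.237.14.15 has been blocked via wrappers with string: "ALL: 24.237.14.15"
Nov  3 22:21:34 home portsentry[873]: attackalert: Host 24.237.14.15 has been blocked via dropped route using command: "/sbin/route add -host 24.237.14.15 gw 333.444.555.666"
Nov  3 22:21:34 home portsentry[873]: adminalert: ERROR: could not accept incoming socket for UDP port: 7
"""

# Assumed syslog layout: "<Mon dd HH:MM:SS> <host> <prog>[<pid>]: <message>"
SYSLOG = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ (?P<prog>\w+)\[\d+\]: (?P<msg>.*)$")
CONNECT = re.compile(r"Connect from host: (?P<name>[^/]+)/(?P<ip>[\d.]+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)")
RUN_CMD = re.compile(r'External command run for host: (?P<ip>[\d.]+) using command: "(?P<cmd>[^"]*)"')
BLOCKED = re.compile(r"Host (?P<ip>[\d.]+) has been blocked via (?P<how>wrappers|dropped route)")
REFUSED = re.compile(r"refused connect from (?P<name>\S+)")

def summarize(log_text):
    """Group portsentry/ipop3d events per source IP and list things worth a second look."""
    hosts = defaultdict(lambda: {"ports": set(), "commands": [], "blocked_via": [], "refused_services": []})
    name_to_ip, findings, refused = {}, [], []
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        prog, msg = m.group("prog"), m.group("msg")
        if prog == "portsentry" and msg.startswith("adminalert: ERROR"):
            findings.append("portsentry error: " + msg)  # the sensor itself is unhealthy, not the remote host
        elif c := CONNECT.search(msg):
            name_to_ip[c["name"]] = c["ip"]          # remember the reverse-DNS name portsentry resolved
            hosts[c["ip"]]["ports"].add((c["proto"], int(c["port"])))
        elif r := RUN_CMD.search(msg):
            hosts[r["ip"]]["commands"].append(r["cmd"])
            if not r["cmd"].startswith("/"):
                # KILL_RUN_CMD should expand to an executable; a bare value suggests a misconfiguration
                findings.append(f"external command for {r['ip']} is not a path: {r['cmd']!r}")
        elif b := BLOCKED.search(msg):
            hosts[b["ip"]]["blocked_via"].append(b["how"])
        elif f := REFUSED.search(msg):
            refused.append((f["name"], prog))       # service daemons log only the name; resolve later
    for name, prog in refused:  # tie service-level refusals back to the IP portsentry saw
        if name in name_to_ip:
            hosts[name_to_ip[name]]["refused_services"].append(prog)
    for ip, info in hosts.items():
        if info["refused_services"] and info["ports"]:
            findings.append(f"{ip} probed {sorted(info['ports'])} and was also refused by {info['refused_services']}")
    return dict(hosts), findings
```

Running `summarize(SAMPLE_LOG)` yields one host record for 24.237.14.15 (UDP 7 probe, blocked via wrappers and a dropped route, refused by ipop3d) and three findings; feeding it a real syslog instead of the sample shows which hosts recur across both the sensor and the real services.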