today's log:
root@server: mail> /etc/rc.d/rc.iptables viewlog
analyzing iptables entries in /var/log/kernel
2 DPT=1080
3 DPT=135
4 DPT=137
10 DPT=1433
1 DPT=1524
3 DPT=2027
3 DPT=2032
2 DPT=2033
3 DPT=23
4 DPT=3128
26 DPT=445
5
Why would they open ports 137-139? Puzzling...
I logged many connection attempts to these 3 ports (and the SQL Server
ports as well) with my iptables.
> studies and prevention. The bottom line is: they had NetBIOS going over the
> firewall...
> Anyways, if you have the interest and your usenet has
On comp.os.linux.networking I happened to come across a discussion going on about
a good size LAN being hacked into. They used Linux for routers and firewall(s),
but got hacked anyway. There's tons of useful information if you're into case
studies and prevention. The bottom line is: they had netbio