[CLUE-Talk] Preventing Hack Attempts before they Happen
Mark Horning
rip6 at rip6.net
Sat May 12 21:36:20 MDT 2001
R Frank wrote:
<snip>
> Wish I knew more about this. I checked my logs and there are 88 different
> IP addresses being blocked, most as a result of scans to port 111. Am I
> wrong in thinking that such scans are not evidence of a would-be hacker?
> There is a burst of activity on May 7th against my port 119, and the
> machine reported it went into "stealth listening mode" on that port
> at that time. But as far as which IP addresses to deny, I'm not sure
> which are real threats and which are innocuous port scans.
>
111 could also be people who have yp running on their box
and it's broadcasting to the world. Yesterday someone at
24.1.13.161 was filling my log file. I determined that it
was someone with Debian installed who is just waiting to
be hacked and denied the IP so's my logs wouldn't become
overwhelmed.
I only have 7 ports open but I tend to monitor a few that
I have closed to try to detect anyone with bad intent...
Mark
--
Mark Horning
rip6 at rip6.net