 |
|
|
 Welcome to the Virus.Org Mailing List Archive |
||
 |
||
|
||
|
Hello
I have two or three litte Questions.
In the last two days i had a lot of People, who wanted connect to my
Port 1181.
---8<----8<----8<----8<----8<----8<----8<----8<----8<----8<---
# cat /var/log/messages | grep SRC= | grep Feb | grep DPT=1181 | cut -f
10 --delimiter=" " | sort | uniq -c | sort
[...cut out SRC's with less then 10 Hits...]
10 SRC=213.66.43.175
11 SRC=217.136.76.16
11 SRC=217.85.168.58
20 SRC=80.222.189.39
29 SRC=217.41.43.190
29 SRC=81.65.73.84
31 SRC=81.51.168.117
35 SRC=62.16.227.109
109 SRC=24.141.180.226
112 SRC=80.56.235.200
130 SRC=80.200.48.133
131 SRC=212.246.205.165
186 SRC=62.179.60.236
---8<----8<----8<----8<----8<----8<----8<----8<----8<----8<---
Can someone tell me, what this port should be for? I first thought it is
the same type of attack, like last week on port 1434 [MS-SQL]. But it
looks like i'm more or less the only victim.
My next question is:
What is the best behavior against such "connects" ? Should i insert a
rule into the firewall to drop such attempts? Or should i reject them?
Or should i just continue to log them?
Oh, and does someone can tell me a good link to some security related
website or newsgroup ?
Thanks in advance
Matthias Egger
--
Matthias Egger, Im Park 9, 8953 Dietikon
P. 01-740-26-85 / N. 076-547-87-79
M. [EMAIL PROTECTED]
|
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.