In foo.debian-user, you wrote: > Hi all: > > To continue my new Linux user paranoia, I have just noticed in > xconsole that someone's been trying to connect to every port from port > 2 thru 1024. It looks like this: > > Apr 27 20:03:09 main tcplogd: tcpmux connection attempt from [EMAIL > PROTECTED] [206.47.37.4] > Apr 27 20:03:09 main tcplogd: port 2 connection attempt from [EMAIL > PROTECTED] [206.47.37.4] > Apr 27 20:03:09 main tcplogd: port 3 connection attempt from [EMAIL > PROTECTED] [206.47.37.4] > Apr 27 20:03:09 main tcplogd: port 4 connection attempt from [EMAIL > PROTECTED] [206.47.37.4] > ... > ... > Apr 27 20:08:13 main tcplogd: port 1024 connection attempt from [EMAIL > PROTECTED] [206.47.37.4] > > This one was the last. Bellglobal is my ISP provider, and I'm > connected via ADSL modem. In between these messages sometimes there > are the following (I guess that's when existing service was found): > > Apr 27 20:03:46 main in.telnetd[7141]: connect from cpu.adsl.bellglobal.com > Apr 27 20:04:34 main in.ftpd[7145]: connect from cpu.adsl.bellglobal.com > > Is this within frames of acceptable. I feel like complaining, but > don't want to look like an idiot. :) > > Any comments highly appreciated!
This is not acceptable. This is analogous to some stranger on the street coming up and feeling your crotch. I suggest you contact bellglobal and complain. If that does not work, learn proper counter-measures. -Mitch
