-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A long time ago, in a galaxy far, far away, someone said...

> The answer is probably yes, but do the following indicate script-kiddie
> probes? They are directed at portmap, lpr, and nmbd. I don't know why the
> ones on the smtp port were rejected. The .184 system is my router.

"Attacked" is a strong word for what you're seeing.

This is all basically a set of port scans of people looking for holes on
216.15.108.184. They are all normal on today's internet, and (IMO) not
something to worry about unless the thing has been hacked.

Some of those can also be explained away as:
* A mistyped hostname or IP number
* Someone or something relying on old info; you'll probably never know if
  someone else had a mail server at 216.15.108.184 at one point in time,
  for example

BTW, if this concerns you, you haven't seen the crap the firewall at work
gets - there isn't enough time in the day for me to track them all down and
try to complain.

BTW2: if you're *really* worried about someone trying something you might
want to consider snort - it's an IDS system based off a packet sniffer.
It'll help you tell the difference between someone just doing a connect()
sweep and someone who's making an effort to get in.

> Packet log: input DENY eth0 PROTO=6 216.103.219.35:17956 216.15.108.184:111
> L=40 S=0x00 I=3466 F=0x0000 T=108 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 202.66.169.18:4439 216.15.108.184:515
> L=60 S=0x00 I=43201 F=0x4000 T=47 SYN (#10)
> Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137
> L=78 S=0x00 I=18430 F=0x0000 T=114 (#10)
> Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137
> L=78 S=0x00 I=18686 F=0x0000 T=114 (#10)
> Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137
> L=78 S=0x00 I=18942 F=0x0000 T=114 (#10)
> Packet log: input DENY eth0 PROTO=6 210.101.105.16:3546 216.15.108.184:111
> L=60 S=0x00 I=13241 F=0x4000 T=47 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48
> S=0x00 I=57801 F=0x4000 T=110 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48
> S=0x00 I=57847 F=0x4000 T=110 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48
> S=0x00 I=57880 F=0x4000 T=110 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 209.10.200.83:2151 216.15.108.184:111
> L=60 S=0x00 I=14138 F=0x4000 T=56 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 210.178.232.1:4935 216.15.108.184:111
> L=60 S=0x00 I=38311 F=0x4000 T=41 SYN (#10)
> Packet log: input DENY eth0 PROTO=6 64.65.56.45:1274 216.15.108.184:515 L=60
> S=0x00 I=146 F=0x4000 T=46 SYN (#10)

- -- 
- ----------------------------------------------------------------------
Phil Brutsche [EMAIL PROTECTED]

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine

iD8DBQE7Vcqf/ZTSZFDeHPwRAviRAJ96H1H64VBVnjaqKT/zGMekgyqAuACgsGep
CwvMki/+xi4grNj2GYjor3g=
=V2/9
-----END PGP SIGNATURE-----
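
An added example, not part of the original message: a small Python triage script for the ipchains "Packet log" entries quoted above. It collapses repeated packets into flows and counts distinct sources per destination port. The function name and the reading of identical source/destination pairs as retries of one attempt (a silently denied sender resends) are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Field layout of an ipchains "Packet log" line, as seen in the quoted log.
LINE = re.compile(
    r"Packet log: (\S+) (\S+) (\S+) PROTO=(\d+) "
    r"([\d.]+):(\d+) ([\d.]+):(\d+) L=\d+ S=\S+ I=(\d+) F=\S+ T=(\d+)( SYN)?")
PROTO = {"6": "tcp", "17": "udp"}

# The log from the message above, with each wrapped entry rejoined onto one line.
LOG = """\
Packet log: input DENY eth0 PROTO=6 216.103.219.35:17956 216.15.108.184:111 L=40 S=0x00 I=3466 F=0x0000 T=108 SYN (#10)
Packet log: input DENY eth0 PROTO=6 202.66.169.18:4439 216.15.108.184:515 L=60 S=0x00 I=43201 F=0x4000 T=47 SYN (#10)
Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18430 F=0x0000 T=114 (#10)
Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18686 F=0x0000 T=114 (#10)
Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18942 F=0x0000 T=114 (#10)
Packet log: input DENY eth0 PROTO=6 210.101.105.16:3546 216.15.108.184:111 L=60 S=0x00 I=13241 F=0x4000 T=47 SYN (#10)
Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57801 F=0x4000 T=110 SYN (#10)
Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57847 F=0x4000 T=110 SYN (#10)
Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57880 F=0x4000 T=110 SYN (#10)
Packet log: input DENY eth0 PROTO=6 209.10.200.83:2151 216.15.108.184:111 L=60 S=0x00 I=14138 F=0x4000 T=56 SYN (#10)
Packet log: input DENY eth0 PROTO=6 210.178.232.1:4935 216.15.108.184:111 L=60 S=0x00 I=38311 F=0x4000 T=41 SYN (#10)
Packet log: input DENY eth0 PROTO=6 64.65.56.45:1274 216.15.108.184:515 L=60 S=0x00 I=146 F=0x4000 T=46 SYN (#10)
"""

def summarize(log):
    """Collapse packets into flows and count distinct sources per destination port."""
    flows = Counter()              # (proto, src, sport, dport) -> packets logged
    for m in LINE.finditer(log):
        proto, src, sport, dport = m.group(4, 5, 6, 8)
        flows[(PROTO.get(proto, proto), src, int(sport), int(dport))] += 1
    sources = defaultdict(set)     # (proto, dport) -> distinct source addresses
    for proto, src, _sport, dport in flows:
        sources[(proto, dport)].add(src)
    return flows, {port: len(addrs) for port, addrs in sources.items()}

if __name__ == "__main__":
    flows, per_port = summarize(LOG)
    for (proto, src, sport, dport), n in flows.items():
        # Assumption: same source port and destination repeated = retries of one attempt.
        note = "retries of one attempt" if n > 1 else "single packet"
        print(f"{src:>15}:{sport:<5} -> {proto}/{dport:<4} x{n}  {note}")
    for (proto, dport), n in sorted(per_port.items()):
        print(f"{proto}/{dport}: {n} distinct source(s)")
```

Run on this log, the twelve entries reduce to eight one-off attempts from eight addresses, none of which touches more than one port on the router.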