On Saturday 16 August 2003 18:14, Robert Canary wrote: > I am getting continuously hit on port 1080. Nothing is happening > because the services (proxy) has been disabled, port sentry is seeing > the attack but it reports "unknown" as the attacker. Most all my > machines have seen this activity, but nothing like this one. > > It fills up the log files, causes the system to crunch the log file a > little more often than usuall...other than that it isjust a nuisance, > sort like that fly buzzing around your head when your try to eat > dinner. > > I have tried to trap the IP address in ntop, but it isn't showing a > port 1080... > > Any ideas how to find the IP address... > > Malicious ideas are welcome as well :-)
Robert, tcpdump dst port 1080 should display any traffic destined for port 1080 Regards, Mike Klinke -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
