I'm of the same opinion.  Obviously the firewall/detection software is
handling what's coming at it.  It's low volume, and what I saw of it
didn't look like a serious hack attempt anyway.  (Although I could be
confusing this issue with someone else's trace I glanced at.) So much of what I see
complained about recently on the list is just people learning about
all the "noise" you see while participating in DSL bridge groups or
cable LANs.  These services are sold devoid of any technical information
as a consumer service to a public that doesn't in general know enough
to even care.  I see all the time where small offices plug the cable
right into their office network hub.  I'm bombarded several times a day
with DHCP broadcasts from someone like that in my DSL bridge as they reboot
PCs in the office or restart the network printer.  I just added special rules
to my chains to silently drop that stuff.

What's much more valuable is to look at other logs.  Have there been login
attempts recorded in /var/log/messages?  Finger probes? Connect attempts to
SSH (port 22), FTP, WWW (80), higher-level ports such as X (6000+) or RPC?
That's where a real hacker is going to start.  If you are running a web
server, look in the logs for that.  Have there been requests for files you
don't recognize?  CGI requests?

Beyond that, I wouldn't worry about it.

On Sat, Nov 06, 1999 at 10:43:19AM +1100, tom minchin wrote:
> Definitely don't bother your ISP with it (unless it's their network which
> is the source) or you have some kind of contract in regard to security or
> intrusion detection.
> 
> Also, careful not to complain about 'normal' violations. Many people install
> those dinky NT 'firewalls' then complain about things like ping, traceroute,
> NTP, OSPF etc. There's also quantity as well, a few pings is fine, a few
> thousand starts to be annoying.
> 
> [EMAIL PROTECTED]

-- 
J. Scott Kasten

jsk AT tetracon-eng DOT net

"If you stand for nothing, you're likely to fall for anything."
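
The log review suggested in the reply above, as an added example that is not part of the original e-mail: it drops the DHCP bridge noise, counts dropped packets aimed at the named services, and pulls failed logins and unrecognized or CGI web requests. All sample lines are constructed, and the firewall and login line formats, the port table and the function names are assumptions to adapt to your own logs.

```python
import re
from collections import Counter
# Constructed sample lines; the firewall and login formats are assumptions.
FIREWALL = """\
Nov  6 09:01:11 gw kernel: DROP SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP DPT=67
Nov  6 09:14:02 gw kernel: DROP SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP DPT=22
Nov  6 09:14:03 gw kernel: DROP SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP DPT=6000
""".splitlines()
MESSAGES = """\
Nov  6 09:15:30 gw login: FAILED LOGIN 1 FROM 192.0.2.44 FOR root
Nov  6 09:30:00 gw cron: job started
""".splitlines()
ACCESS = """\
192.0.2.44 - - [06/Nov/1999:09:16:01 +1100] "GET /cgi-bin/example.cgi HTTP/1.0" 404 210
198.51.100.20 - - [06/Nov/1999:09:17:45 +1100] "GET /index.html HTTP/1.0" 200 1043
""".splitlines()

SERVICES = {21: "ftp", 22: "ssh", 79: "finger", 80: "www", 111: "rpc"}
NOISE_PORTS = {67, 68}  # DHCP broadcasts from neighbours on the bridge

def port_category(port):
    if port in NOISE_PORTS:
        return "noise"
    return "x11" if 6000 <= port < 6064 else SERVICES.get(port, "other")

def service_probes(lines):
    # Count (source, service) for packets aimed at the services named in the post.
    hits = Counter()
    for line in lines:
        m = re.search(r"SRC=(\S+) .*DPT=(\d+)", line)
        cat = port_category(int(m.group(2))) if m else "other"
        if cat not in ("noise", "other"):
            hits[(m.group(1), cat)] += 1
    return hits

def failed_logins(lines):
    return [l for l in lines if re.search(r"failed login|authentication failure", l, re.I)]

def odd_requests(lines, known_paths):
    # (client, path) for CGI requests or paths the site does not serve.
    found = []
    for line in lines:
        m = re.match(r'(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)', line)
        if m and (m.group(2).startswith("/cgi-bin/") or m.group(2) not in known_paths):
            found.append((m.group(1), m.group(2)))
    return found

if __name__ == "__main__":
    print(service_probes(FIREWALL), failed_logins(MESSAGES), odd_requests(ACCESS, {"/", "/index.html"}))
```

A source that shows up in more than one of the three results, as 192.0.2.44 does in the constructed data, is the one worth a closer look.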

