Any idea of why I get so many packets on port 53? DENY'd so far, but...
Yes, I do let in all ! -y packets from my two DNS servers and also from
the 13 root servers.
Should there be any traffic from the root servers? I run my own DNS with
forwards to the two DNS servers of my ISP.
Regards
Gustav
"Michael H. Warfield" wrote:
>
> On Sun, Feb 04, 2001 at 12:15:19PM -0600, Mikkel L. Ellertson wrote:
> > Did I miss an update, or do I have a cracker that is out of date? I
> > have someone trying to connect up to port 515 (printserver) on my
> > firewall. He/she/it isn't having much luck so far... ;-)
>
> Probably someone looking to break into LPRng that came on the
> original (pre respin) RedHat 7.0. The Ramen worm, in particular, tries
> to break in this way. The majority of RedHat 7.0 should be safe. Your
> only worry is if you used the original ISO images (not a purchased
> version or the respin version) or built the system prior to the
> LPRng update. Ramen checks the banner from ftp to see if you are
> running a RedHat 7.0 site, so a lot of RedHat 7.0 systems will get
> hammered by LPR requests, even if they are not vulnerable, if they
> have ftp enabled. Ramen is resulting in very significant increases
> in port scanning on ports 21 and 111 plus some port probing to 515.
>
> > Mikkel
--
pgp = Pretty Good Privacy.
To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]
Visit my web site at http://www.schaffter.com
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
