> Help!
Robert83
post Mar 21 2004, 10:19 AM
Post #1





Hi,

so it happened eventually, I think a person found something interesting about my IP address, connections to port 30xxx+ are coming in from 152.2.210.121, slowly but as I see he's trying out some ports....

What to do?

It says in WHOIS that it's from the California University.... should I send an e-mail to them with the iptables log about that specific IP address, and ask them really nice to do something about it?

or should I just do that drop-and-log-it for this IP address specifically


Sincerely
Robert B


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
250GB+250GB
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
--------------------
hughesjr
post Mar 21 2004, 11:20 AM
Post #2





I would definitely do a drop-and-log on his specific IP address ... and I would find the abuse e-mail address and mail them the iptables results (if it continues).

More likely than not, he will get tired and move to another (less secure) target (if it is being done on purpose) ... remember, lots of times the scans are really computers infected with a worm/virus and the PC owner just doesn't know. If he is continuously looking at a specific port, you can check out that port at:

http://isc.incidents.org/port_details.html

Input the port number and it will tell you if that port is being scanned by lots of people, why someone would want to scan it, what runs on it, etc.

Also check out the home page for incidents.org (they have more than just the ports info).


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
hughesjr
post Mar 21 2004, 11:24 AM
Post #3





Also remember that if people inside your network are doing things like Kazaa, LimeWire (even BitTorrent and regular Active FTP vice Passive FTP), then they could be causing what looks like an unsolicited event when it is not.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
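
The following is an added example, not written by any poster in this thread: it summarizes iptables LOG lines per source address so the evidence for a mail to the abuse contact can be pulled out, and it flags hits from TCP source port 20, which is how the active-FTP case from post #3 shows up in the log. The `FW-DROP: ` log prefix, the sample lines and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed, shortened iptables LOG lines; "FW-DROP: " is an assumed
# --log-prefix. 152.2.210.121 is from the thread, the rest are doc addresses.
SAMPLE_LOG = """\
Mar 21 10:02:11 gw kernel: FW-DROP: IN=eth0 OUT= SRC=152.2.210.121 DST=192.0.2.10 PROTO=TCP SPT=41022 DPT=30001 SYN
Mar 21 10:04:40 gw kernel: FW-DROP: IN=eth0 OUT= SRC=152.2.210.121 DST=192.0.2.10 PROTO=TCP SPT=41023 DPT=30002 SYN
Mar 21 10:09:03 gw kernel: FW-DROP: IN=eth0 OUT= SRC=152.2.210.121 DST=192.0.2.10 PROTO=TCP SPT=41027 DPT=30005 SYN
Mar 21 10:11:52 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=20 DPT=32811 SYN
Mar 21 10:12:30 gw kernel: eth0: link up
"""
FIELD = re.compile(r"\b(SRC|PROTO|SPT|DPT)=(\S+)")

def summarize(log_text, prefix="FW-DROP: "):
    """Group logged packets by source: count, ports, first/last seen."""
    hits = defaultdict(lambda: {"count": 0, "ports": set(), "ftp_data": 0,
                                "first": None, "last": None, "lines": []})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if prefix not in line or "SRC" not in f or "DPT" not in f:
            continue  # not a firewall line, or a protocol without ports
        h = hits[f["SRC"]]
        stamp = line[:15]  # syslog timestamp, e.g. "Mar 21 10:02:11"
        h["first"], h["last"] = h["first"] or stamp, stamp
        h["count"] += 1
        h["ports"].add(int(f["DPT"]))
        h["lines"].append(line)
        # Source port 20 is the FTP data port: an active-mode transfer
        # started from inside looks like an unsolicited inbound SYN.
        if f.get("PROTO") == "TCP" and f.get("SPT") == "20":
            h["ftp_data"] += 1
    return dict(hits)

def classify(h, min_ports=3):
    """Heuristic label; the threshold is an assumption, tune it locally."""
    if h["ftp_data"] == h["count"]:
        return "possible active-FTP data connection"
    return "port sweep" if len(h["ports"]) >= min_ports else "few-port probe"

def abuse_report(ip, hits):
    """Plain-text evidence block to paste into a mail to the abuse contact."""
    h = hits[ip]
    head = (f"{h['count']} dropped packets from {ip} to "
            f"{len(h['ports'])} ports between {h['first']} and {h['last']}")
    return "\n".join([head, *h["lines"]])

if __name__ == "__main__":
    print(abuse_report("152.2.210.121", summarize(SAMPLE_LOG)))
```

Classic syslog timestamps carry no year or timezone, so state both in the mail to the abuse contact.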