 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Being on an "always on" connection in the cable subnet I get scanned at least once a day for this. So I was bored one day and set up fakebo. It is a honey pot sort of and shows you what people do when they find a open bo port, you can customize it to make it reply anything you want. Most people that find open bo ports will just use the redirect utility and use you as a bounce port for more malicious activities. If anyone wants I could send you a log of past sessions with this, kinda funny but also a look into the cracker mentality. http://cvs.linux.hr/fakebo/ Kris Loranger Network Systems Engineer Belenosinc.com kris at kancer.978.org IRC:efnet, #978 AIM:KancerKris Run Linux, keep the net free! On Mon, 17 Jul 2000, David Lapointe wrote: > On Sun, 16 Jul 2000, Bill Horne wrote: > > From my messages file on my firewall: > > > > Jul 16 21:05:26 server kernel: Packet log: input REJECT ppp0 > > PROTO=17 200.210.110.18:31338 \ > > 32.101.212.18:31337 L=47 S=0x00 I=38386 F=0x0000 T=111 > > > > The 32... address is my IBM network dialup. This looks like > > NetBios/Back Orifice. IIRC, they use those ports, but my > > memory's hazy. > > 31337 is the BO port. Maybe write to abuse at tecsat.com.br or do a whois and see who is responsible for those > addresses. It's harmless to UNIX ( unless you are runnng a BO port ;-) and you did reject it. > > I get scanned for these and others frequently. They are all rejected by hte FW. > > > The IP goes to stc18.tecsat.com.br, which is probably an owned > > machine. Who do I tell about it? > > > > TIA. > > > > Bill Horne > > - > > -- > .david > David Lapointe > There are two priorities: what you're doing right now, and everything else. Change > what you are doing based on intuitive surrender to the part of you that knows best. > David Allen > - > Subcription/unsubscription/info requests: send e-mail with > "subscribe", "unsubscribe", or "info" on the first line of the > message body to discuss-request at blu.org (Subject line is ignored). > - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
