Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How to detect invasions?



On Fri, 29 Aug 2003, Dave Gavin wrote:

> You may also find that it's some morons doing portscans or web attacks
> on your address - it's amazing how many systems are out there trying to
> spread virii. I get a couple of thousand hits on my firewall each day
> with a fairly static IP address and I used to see quite a bit of
> incoming nonsense on my dialup before I got a cable modem. 

Dave,

Looks like your suggestion is right on the money.  The traffic is being 
generated by pings and DCE endpoint resolution scans (which DShield at
www.powersource.cx reports as the Most Scanned Port).  I got 11 pings
and 16 scans in a single minute.  That works out to over 23,000 DCE 
scans a day.  Fortunately the sends from my end are "Destination unreachable"
responses.

Thanks for the helping hand.

Ilane





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org