I strongly recommend downloading, building and running PortSentry from
http://www.psionic.com/abacus/portsentry/

I have run it with great success on FreeBSD, Linux and Solaris.

--Nathan

Digital Overdrive wrote:
>
> [requoted]
>
> Cristian Dumitrescu wrote:
> > On Mon, 15 Jan 2001, Alex Popa wrote:
> >
> > > In the last five days, the port scans to my entire class C have dramatically
> > > increased, from one per two days on average, to four yesterday and six today.
> > >
> > > Is there a new exploit around, or is there some sort of new worm out there?
> > >
> > > I might just be paranoid, but here are the addreses that have been looking
> > > for port 111 in the last 26 hours:
> > >
> > > 24.26.121.156
> > > 24.168.66.119
> > > 64.31.226.156
> > > 142.169.227.102
> > > 193.226.15.15
> > > 211.218.144.11
> >
> > Hey
> > I've been experiencing the same kind of scans in the last 2 weeks, with
> > increased density in the last days, from these ip addreses:
> >
> > 211.120.63.136
> > 213.154.132.122
> > 210.205.6.215
> > 24.114.48.24
> > 62.83.125.82
> > 193.231.199.4
> > 193.40.223.66
> > 65.3.3.83
> > 193.230.227.234
>
> Just one question: How do you detect these scans ?
> I can't find anything in my logs, but I don't have programs like
> portsentry running. What can you (all) advice me ?
>
> Kind regards,
>
> Jan
>
> --
> .~. Dutch Security Information Network : http://www.dsinet.org
> /V\ news:alt.hack.nl FAQ : http://www.dsinet.org/hackfaq
> /( )\ digioverdsinet.org / digiovercotse.com
> ^^-^^ "Microsoft: We make virii work!"

--
[Your mouse moved. Windows NT will be restarted for your changes to take effect.]

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]