Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.

[John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>]

Tom Horsley wrote:
> On Sat, 29 Dec 2007 22:35:07 +0800
> Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote:
>
> > You forgot one very important item.
> >
> > Whatever you do, don't be paranoid...unless someone is really out to get you.
>
> All you need to do is leave an unsecured box hooked up to the internet
> for 5 or 10 minutes to discover that someone really is out to get you :-).

Like these?
[root@mail ~]# grep -i shore /var/log/messages | grep ppp0 | sed -r -e 
's=.*IN\==IN\==' | sort -u -k 13
IN=ppp0 OUT= MAC= SRC=24.64.75.44 DST=58.6.192.22 LEN=512 TOS=0x00 
PREC=0x00 TTL=67 ID=52497 PROTO=UDP SPT=8801 DPT=1026 LEN=492
IN=ppp0 OUT= MAC= SRC=24.64.75.44 DST=58.6.192.22 LEN=512 TOS=0x00 
PREC=0x00 TTL=67 ID=52498 PROTO=UDP SPT=8801 DPT=1027 LEN=492
IN=ppp0 OUT= MAC= SRC=24.64.75.44 DST=58.6.192.22 LEN=512 TOS=0x00 
PREC=0x00 TTL=67 ID=52499 PROTO=UDP SPT=8801 DPT=1028 LEN=492
IN=ppp0 OUT= MAC= SRC=60.190.118.200 DST=58.6.192.22 LEN=40 TOS=0x00 
PREC=0x00 TTL=100 ID=6423 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 
RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=60.190.38.34 DST=58.6.192.22 LEN=404 TOS=0x00 
PREC=0x00 TTL=107 ID=3231 PROTO=UDP SPT=2795 DPT=1434 LEN=384
IN=ppp0 OUT= MAC= SRC=87.56.212.198 DST=58.6.192.22 LEN=48 TOS=0x00 
PREC=0x00 TTL=110 ID=14821 DF PROTO=TCP SPT=1511 DPT=5900 WINDOW=65535 
RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.209.110.20 DST=58.6.192.22 LEN=485 TOS=0x00 
PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=35334 DPT=1026 LEN=465
IN=ppp0 OUT= MAC= SRC=221.209.110.20 DST=58.6.192.22 LEN=485 TOS=0x00 
PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=35334 DPT=1027 LEN=465
IN=ppp0 OUT= MAC= SRC=221.209.110.8 DST=58.6.192.22 LEN=485 TOS=0x00 
PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=35712 DPT=1027 LEN=465
IN=ppp0 OUT= MAC= SRC=222.161.2.23 DST=58.6.192.22 LEN=918 TOS=0x00 
PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=36413 DPT=1026 LEN=898
IN=ppp0 OUT= MAC= SRC=222.161.2.23 DST=58.6.192.22 LEN=918 TOS=0x00 
PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=43810 DPT=1027 LEN=898
IN=ppp0 OUT= MAC= SRC=221.209.110.20 DST=58.6.192.22 LEN=485 TOS=0x00 
PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=55025 DPT=1026 LEN=465
IN=ppp0 OUT= MAC= SRC=221.209.110.20 DST=58.6.192.22 LEN=485 TOS=0x00 
PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=55025 DPT=1027 LEN=465
[root@mail ~]#

Nah, they're not out to get me. They don't care who they get, so they're 
relatively easy to defeat.

If they were out to get me, they'd not be wasting time on sql-server, or 
those UDP ports 102[6-8].


I note that some sites I manage get significantly more of these scans 
than others.

--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list