die opfer des port scans: löl


  • dalord
  • 665 Aufrufe 0 Antworten

Diese Seite verwendet Cookies. Durch die Nutzung unserer Seite erklären Sie sich damit einverstanden, dass wir Cookies setzen. Weitere Informationen

  • die opfer des port scans: löl

    http://cert.uni-stuttgart.de/archive/usenet/comp.os.linux.security/2002/03/msg00163.html

    Luke Vogel <luke@bell-bird.com.au> wrote in message news:<3CA59AAF.91EC6925@bell-bird.com.au>...
    > David Schlecht wrote:
    > >
    > > Hi All,
    > >
    > > I run a Linux box behind a firewall. I'm running ProFTP v1.2.
    >
    > There were vulnerable versions of proftpd 1.2.0pre?
    >
    > > I've recently tightened down the firewall and started logging
    > > failed FTP attempts. I'm absolutely astonished at the number
    > > of failed attempts. I must get between 10 and 25 each day.
    > >
    > > I'm also monitoring port 111 (among others) and get about
    > > half as many hits to this port.
    > >
    > > These don't seem like run-of-the-mill port scans since the the same
    > > source IP doesn't usually hit both the ports in question. That's making
    > > the brash assumption that the source IPs aren't spoofed.
    >
    > no, perhaps not, but they may be coming from compromised hosts.
    >
    > > The FTP server didn't allow anonymous login before so I'm surprised at
    > > the amount of traffic.
    >
    > They are not specifically looking for you ... they scan a whole net
    > block looking for vulnerable "targets".
    >
    > > 1. Any ideas what's going in here?
    >
    > It is probably a number of skript kiddies (not necessarily related)
    > doing a net block scan for a number of vulnerable daemons.
    >
    > > 2. Would this list of source IPs be of any value to Internet
    > > security investigators?
    >
    > You would be wasting your time and theirs ... it is not illegal to
    > perform port scans
    >
    > --
    > Regards
    > Luke
    > ------
    > Q: What does FAQ stand for?
    > A: We are Frequently Asked this Question, and we have no idea.
    > ------
    > C.O.L.S FAQ - http://www.linuxsecurity.com/docs/colsfaq.html
    > Note: Remove NOSPAM from my return address if necessary
    > ------

    True, it's not illegal to port scan, but many ISPs will not tolerate
    it. I know that first hand as I too - see many many input DENYs on my
    firewall in the course of the day. I've written a script that will
    alert me if I have someone scanning me. I then send the log to the
    ISP. Many people have had to find another ISP because if this. When a
    port probe comes from Israel or Hong Kong....or wherever...then
    Hello!!!...Is this node just trying to non-maliciously find out what
    friendly services are being offered from my node?...lol.