[clug] Intrusion problem

conrad at mail.watersprite.com.au conrad at mail.watersprite.com.au
Mon Nov 24 03:44:46 GMT 2008


Adrian (and list)

Daniel wrote:
> Did they tell you anything useful, such as what these requests were,
> when they occurred, what the destination was, or anything else?

> Well, probably -- the place to start would be with the technical detail
> that your ISP supplied to you, since that will help identify if we /can/
> help you.

While you should check with your ISP for details, this might be explained
by a complaint I made to my network provider regarding a large number of
unsolicited connection attempts made to TCP port 23 from the 125.0.0.0/8
network range (that being the range my IPs are in). I log and drop all
packets for ports not explicitly open on my firewall, and these have gone
from unnoticeable numbers 6 months ago to accounting for the vast majority.

Should you not be able to get any details from your ISP, but this
otherwise sounds like it might fit your case, email me off list and I'll
give you what info I can from my logs.

Given the repetitive nature of the requests I was logging, I'm suspecting
botnetted PCs or similar. I wonder if they're looking for ADSL modems with
open, external-facing telnet ports? Or is there a better explanation?

Conrad.
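
The log check described in the message above, as an added example that is not part of the original post: it measures how much of a log-and-drop firewall's output is TCP port 23 traffic and how many distinct sources in 125.0.0.0/8 are responsible. It assumes netfilter LOG-format lines with a hypothetical "FW-DROP: " prefix; the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the "FW-DROP: " log prefix is an assumption.
SAMPLE_LOG = """\
Nov 24 03:10:01 gw kernel: FW-DROP: IN=ppp0 OUT= SRC=125.0.10.7 DST=125.0.99.1 PROTO=TCP SPT=4021 DPT=23 SYN
Nov 24 03:10:04 gw kernel: FW-DROP: IN=ppp0 OUT= SRC=125.0.10.7 DST=125.0.99.1 PROTO=TCP SPT=4021 DPT=23 SYN
Nov 24 03:10:09 gw kernel: FW-DROP: IN=ppp0 OUT= SRC=125.44.3.90 DST=125.0.99.1 PROTO=TCP SPT=1188 DPT=23 SYN
Nov 24 03:10:12 gw kernel: FW-DROP: IN=ppp0 OUT= SRC=125.200.1.15 DST=125.0.99.1 PROTO=TCP SPT=3310 DPT=23 SYN
Nov 24 03:10:15 gw kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.5 DST=125.0.99.1 PROTO=TCP SPT=2200 DPT=23 SYN
Nov 24 03:10:20 gw kernel: FW-DROP: IN=ppp0 OUT= SRC=198.51.100.9 DST=125.0.99.1 PROTO=TCP SPT=2901 DPT=445 SYN
Nov 24 03:10:22 gw kernel: FW-DROP: IN=ppp0 OUT= SRC=125.44.3.90 DST=125.0.99.1 PROTO=ICMP TYPE=8 CODE=0
Nov 24 03:10:30 gw kernel: FW-DROP: IN=ppp0 OUT= SRC=125.0.
Nov 24 03:10:31 gw sshd[812]: Server listening on 0.0.0.0 port 22.
"""
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of a LOG line

def parse_drops(text, prefix="FW-DROP: "):
    # Yield (source address, protocol, destination port or None) per logged drop.
    for line in text.splitlines():
        if prefix not in line:
            continue  # not a firewall line
        f = dict(FIELD.findall(line.split(prefix, 1)[1]))
        try:
            src = ipaddress.ip_address(f["SRC"])
            proto = f["PROTO"]
            dport = int(f["DPT"]) if "DPT" in f else None  # ICMP has no DPT
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        yield src, proto, dport

def summarise(text, port=23, net="125.0.0.0/8"):
    # Count drops to TCP `port`, split by whether the source is inside `net`.
    network = ipaddress.ip_network(net)
    total, outside, hits = 0, 0, Counter()
    for src, proto, dport in parse_drops(text):
        total += 1
        if proto == "TCP" and dport == port:
            if src in network:
                hits[src] += 1
            else:
                outside += 1
    in_net = sum(hits.values())
    return {"total_drops": total, "port_hits_in_net": in_net,
            "port_hits_outside_net": outside,
            "port_share": (in_net + outside) / total if total else 0.0,
            "distinct_sources": len(hits),
            "top_sources": [(str(ip), n) for ip, n in hits.most_common(3)]}
```

Many distinct sources each sending only a few packets is the shape the message attributes to botnetted PCs; a single source with a high count points at one scanning host instead.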



