portsentry and strange accesses to the web

Tom Z. Meinlschmidt tm at kenny.bluetone.cz
Thu Aug 15 11:15:17 CEST 2002


Hello,

lately it happens to me quite often that a foreign machine first 'touches'
various ports and then connects to my http .. and even trustworthy machines
do this, ones for which I know it would not be a scan.. portsentry writes this:


Aug 15 10:34:39 salome portsentry[407]: attackalert: SYN/Normal scan from host: 195.128.198.216/195.128.198.216 to TCP port: 248
Aug 15 10:34:40 salome kernel: Packet log: input DENY eth0 PROTO=6 195.128.198.216:62831 194.212.10.138:80 L=40 S=0x00 I=22437 F=0x4000 T=119 (#1)

Aug 15 09:33:09 salome portsentry[407]: attackalert: SYN/Normal scan from host: plzenb-65.dialup.vol.cz/62.177.85.65 to TCP port: 48
Aug 15 09:33:10 salome kernel: Packet log: input DENY eth0 PROTO=6 62.177.85.65:2847 194.212.10.137:80 L=40 S=0x00 I=46023 F=0x4000 T=120 (#1)

Aug 14 20:22:20 salome portsentry[407]: attackalert: SYN/Normal scan from host: a252-147.dialup.iol.cz/194.228.147.252 to TCP port: 592
Aug 14 20:22:20 salome kernel: Packet log: input DENY eth0 PROTO=6 194.228.147.252:1112 194.212.10.138:80 L=40 S=0x00 I=4358 F=0x4000 T=119 (#1)

I don't understand at all why it tries to get onto those ports - nothing is
running on them.. portsentry of course blocks the address, so I then have to
allow it again by hand, and it is starting to annoy me quite a bit.

thanks

TM
--
===============================================================================
Tomas Meinlschmidt, SBN3, MCT, MCP, MCP+I, MCSE, NetApp Filer & NetCache
Datron s.r.o., Vachkova 3008, 470 01 Ceska Lipa, 0425/834 421, f: 834 425
GCS d-(?) s: a- C++ ULHISC*++++$ P+++>++++ L+++$>++++ E--- W+++$ N++(+) !o
    !K w(---) !O !M V PS+ PE Y+ PGP++ t+@ !5 X? R tv b+ !DI D+ G e>+++
    h---- r+++ z+++@
===============================================================================





