[plug] Probes (was: Linux-based firewalls)
Leon Brooks
leon at brooks.fdns.net
Wed Feb 28 10:37:31 WST 2001
billk at iinet.net.au wrote:
> Also, dns probes on my dialup seem to be hitting new highs, as well as ftp
> ones at the moment.

Actually port 137-139 probes seem to be hitting a peak as well. One site
I admin, which is currently a single static IP but will soon be 3 of
same, gets a probe on 137-139 about every five minutes, not including
leaked random Windows traffic (and probes!) from private IPs of the
ten-thumbs ISP concerned.

As to the DNS probes, I currently have a machine up on blocks which had
been cracked, and in about 5 days had collected the IPs of about 30
other machines with vulnerable BINDs.

The difference here with Windows is that you would never know, unless
and until your ISP called you or disconnected you. Smileys, for example,
get regular doses of assorted probes and trojans (e.g. AnnaK) from their
clients' machines, and the victims, including Windows gurus, often
vehemently deny that there's a problem. Until I show them all of the
logs from the assorted Linux boxes involved and it becomes impossible to
deny.

--
"My enthusiasm for this meal can't even be described by a scalar."
-- Dan Eisenbud, Swarthmore '98, at Sharples