[juneau-lug] Local Windows world still suffering:

If you have Windows machines on your net, hopefully you're firewalling them.

Remember when I sent out that little firewall grep script that collects the top 
ten destination ports and top ten attackers from my firewall logs?  Back then, 
I saw the destination ports fairly evenly split between top & bottom (depending 
on the exploit of the day) and almost no GCI cable modem traffic.  How things 
change!

The IP addresses are obscured because when I've taken a look at traffic hitting 
my modem, it appears that there are a few that are intentionally sharing stuff 
like printers.  However the rest are not, and the GCI techs must be having fun 
dealing with this stuff.

This firewall is Linux/iptables, which is probably pretty common in this group. 
 What are the other solutions on the list?  Anyone with OpenBSD/pf?

Cheers,

James

Begin forwarded message:

Date: Tue,  2 Sep 2003 06:26:23 -0800 (AKDT)
From: <e5z8652@xxxxxxxxxx>
To: e5z8652@xxxxxxxxxx
Subject: Zurg Firewall highlights


 
 Top attacked ports: 
   5814 DPT=135
     99 DPT=1026
     35 DPT=1027
     33 DPT=901
     23 DPT=1434
     17 DPT=17300
     10 DPT=445
      5 DPT=1901
      5 DPT=1353
      4 DPT=1927

 Top attackers: 
    115 SRC=24.237.49.x
     96 SRC=24.237.47.x
     93 SRC=24.237.24.x
     90 SRC=24.237.164.x
     88 SRC=24.237.253.x
     87 SRC=24.237.174.x
     84 SRC=24.237.202.x
     72 SRC=24.237.48.x
     72 SRC=24.237.15.x
     70 SRC=24.237.170.x

------------------------------------
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.

Other related posts: