[juneau-lug] Local Windows world still suffering:

  • From: James Zuelow <e5z8652@xxxxxxxxxx>
  • To: jlug <juneau-lug@xxxxxxxxxxxxx>
  • Date: Tue, 02 Sep 2003 07:14:00 -0800

If you have Windows machines on your net, hopefully you're firewalling them.

Remember when I sent out that little firewall grep script that collects the top 
ten destination ports and top ten attackers from my firewall logs?  Back then, 
I saw the destination ports fairly evenly split between top & bottom (depending 
on the exploit of the day) and almost no GCI cable modem traffic.  How things 
change!

The IP addresses are obscured because when I've taken a look at traffic hitting 
my modem, it appears that there are a few that are intentionally sharing stuff 
like printers.  However, the rest are not, and the GCI techs must be having fun 
dealing with this stuff.

This firewall is Linux/iptables, which is probably pretty common in this group.
What are the other solutions on the list?  Anyone with OpenBSD/pf?

Cheers,

James

Begin forwarded message:

Date: Tue,  2 Sep 2003 06:26:23 -0800 (AKDT)
From: <e5z8652@xxxxxxxxxx>
To: e5z8652@xxxxxxxxxx
Subject: Zurg Firewall highlights


 
 Top attacked ports: 
   5814 DPT=135
     99 DPT=1026
     35 DPT=1027
     33 DPT=901
     23 DPT=1434
     17 DPT=17300
     10 DPT=445
      5 DPT=1901
      5 DPT=1353
      4 DPT=1927

 Top attackers: 
    115 SRC=24.237.49.x
     96 SRC=24.237.47.x
     93 SRC=24.237.24.x
     90 SRC=24.237.164.x
     88 SRC=24.237.253.x
     87 SRC=24.237.174.x
     84 SRC=24.237.202.x
     72 SRC=24.237.48.x
     72 SRC=24.237.15.x
     70 SRC=24.237.170.x

------------------------------------
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.
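A report in the shape of the forwarded message above can be produced from iptables LOG lines with a short shell pipeline. This is an added example, not the script the poster refers to; the log lines are constructed and abbreviated, the host name `fw` and the function names are assumptions, and the addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example: top-N summary of iptables LOG lines (not the poster's script).
export LC_ALL=C   # byte-wise sort order, so ties come out the same everywhere

# Constructed, abbreviated LOG lines; a real line carries more fields (MAC=, LEN=, TTL=).
sample_log() {
cat <<'EOF'
Sep  2 06:01:12 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=3456 DPT=135 SYN
Sep  2 06:01:15 fw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=4102 DPT=135 SYN
Sep  2 06:02:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1188 DPT=135 SYN
Sep  2 06:02:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=3460 DPT=135 SYN
Sep  2 06:03:30 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP SPT=2201 DPT=1026
Sep  2 06:03:41 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=2977 DPT=1026
Sep  2 06:04:18 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 PROTO=UDP SPT=1055 DPT=1434
Sep  2 06:05:40 fw kernel: IN=eth0 OUT= SRC=198.51.100.40 DST=192.0.2.10 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.10 DST=198.51.100.40 PROTO=UDP SPT=1434 DPT=1434 ]
Sep  2 06:06:01 fw sshd[411]: Accepted publickey for admin from 192.0.2.50
EOF
}

# Print the first field that starts with the given key (SRC= or DPT=) on each
# netfilter line. Scanning stops at "[" so the packet quoted inside an ICMP
# error is not counted as if it were the logged packet itself.
first_field() {
    awk -v key="$1" '/ IN=/ {
        for (i = 1; i <= NF; i++) {
            if (substr($i, 1, 1) == "[") break
            if (index($i, key) == 1) { print $i; break }
        }
    }'
}

# Count identical lines, highest count first, keep N rows (default 10).
tally() { sort | uniq -c | sort -k1,1nr -k2,2 | head -n "${1:-10}"; }

top_ports()   { first_field "DPT=" | tally "$1"; }
# Mask the last octet before counting, as in the report above.
top_sources() { first_field "SRC=" | sed 's/\.[0-9]*$/.x/' | tally "$1"; }

echo " Top attacked ports:"; sample_log | top_ports
echo " Top attackers:";      sample_log | top_sources
```

On a live system, replace `sample_log` with a read of wherever the kernel log is written; masking the last octet also merges hosts in the same /24 into one row.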
