If you have Windows machines on your net, hopefully you're firewalling them.

Remember when I sent out that little firewall grep script that collects the top ten destination ports and top ten attackers from my firewall logs? Back then, I saw the destination ports fairly evenly split between top & bottom (depending on the exploit of the day) and almost no GCI cable modem traffic. How things change!

The IP addresses are obscured because when I've taken a look at traffic hitting my modem, it appears that there are a few that are intentionally sharing stuff like printers. However the rest are not, and the GCI techs must be having fun dealing with this stuff.

This firewall is Linux/iptables, which is probably pretty common in this group. What are the other solutions on the list? Anyone with OpenBSD/pf?

Cheers,
James

Begin forwarded message:

Date: Tue, 2 Sep 2003 06:26:23 -0800 (AKDT)
From: <e5z8652@xxxxxxxxxx>
To: e5z8652@xxxxxxxxxx
Subject: Zurg Firewall highlights

Top attacked ports:
   5814 DPT=135
     99 DPT=1026
     35 DPT=1027
     33 DPT=901
     23 DPT=1434
     17 DPT=17300
     10 DPT=445
      5 DPT=1901
      5 DPT=1353
      4 DPT=1927

Top attackers:
    115 SRC=24.237.49.x
     96 SRC=24.237.47.x
     93 SRC=24.237.24.x
     90 SRC=24.237.164.x
     88 SRC=24.237.253.x
     87 SRC=24.237.174.x
     84 SRC=24.237.202.x
     72 SRC=24.237.48.x
     72 SRC=24.237.15.x
     70 SRC=24.237.170.x

------------------------------------
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the word unsubscribe in the subject header.
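A summary like the one forwarded above can be produced from iptables LOG lines with one short shell function. This is an added example, not the script the poster refers to: the function names, the sample log lines and their documentation-range addresses are constructed, and it assumes the standard `SRC=` and `DPT=` fields written by the iptables LOG target.

```shell
#!/bin/sh
# Added example (not the poster's script): top-N summary of iptables LOG lines.

# Constructed sample input; addresses are from the documentation ranges.
sample_log() {
cat <<'EOF'
Sep  2 06:01:11 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=3100 DPT=135 SYN
Sep  2 06:01:12 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=4021 DPT=135 SYN
Sep  2 06:01:15 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=3101 DPT=135 SYN
Sep  2 06:02:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.4 DST=198.51.100.5 PROTO=UDP SPT=1200 DPT=1434 LEN=384
Sep  2 06:03:27 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=3102 DPT=445 SYN
Sep  2 06:05:40 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=ICMP TYPE=3 CODE=3 [SRC=198.51.100.5 DST=203.0.113.9 PROTO=UDP SPT=1026 DPT=1026 LEN=40 ]
EOF
}

# top_field FIELD [N] [MASK]
#   Reads log lines on stdin and prints "count FIELD=value" for the N most
#   frequent values (default 10). MASK=1 replaces the last octet with "x".
#   Only the outer packet header is counted: ICMP error entries carry the
#   offending packet's header in [...], which a plain grep would count too.
top_field() {
    awk -v f="$1=" -v mask="${3:-0}" '
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\[/) break            # embedded ICMP payload header starts
            if (index($i, f) == 1) {         # field begins with FIELD=
                v = $i
                if (mask) sub(/\.[0-9]+$/, ".x", v)
                count[v]++
                break
            }
        }
    }
    END { for (v in count) print count[v], v }' |
        LC_ALL=C sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Demo on the constructed sample; feed a real firewall log on stdin instead.
echo "Top attacked ports:"; sample_log | top_field DPT 10
echo "Top attackers:";      sample_log | top_field SRC 10 1
```

Masking the last octet also merges hosts in the same /24, so the masked counts are per-subnet rather than per-host.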