Zdravim.
Toto jsem nasel v jedne news skupine. Nevi nekdo, jestli Salome neni nejaka
hackerka ? :)
Dobry den,
docela casto se mi posledni dobou stava, ze mi cizi stroj nejdrive 'sahne' na
ruzne porty, a pak se mi pripoji na http .. pricemz to delaji i duveryhodne
stroje, u kterych vim, ze by to nejaky scan nebyl.. portsentry pise tuto:
Aug 15 10:34:39 salome portsentry[407]: attackalert: SYN/Normal scan from
host: 195.128.198.216/195.128.198.216 to TCP port: 248
Aug 15 10:34:40 salome kernel: Packet log: input DENY eth0 PROTO=6
195.128.198.216:62831 194.212.10.138:80 L=40 S=0x00 I=22437 F=0x4000 T=119
(#1)
Aug 15 09:33:09 salome portsentry[407]: attackalert: SYN/Normal scan from
host: plzenb-65.dialup.vol.cz/62.177.85.65 to TCP port: 48
Aug 15 09:33:10 salome kernel: Packet log: input DENY eth0 PROTO=6
62.177.85.65:2847 194.212.10.137:80 L=40 S=0x00 I=46023 F=0x4000 T=120 (#1)
Aug 14 20:22:20 salome portsentry[407]: attackalert: SYN/Normal scan from
host: a252-147.dialup.iol.cz/194.228.147.252 to TCP port: 592
Aug 14 20:22:20 salome kernel: Packet log: input DENY eth0 PROTO=6
194.228.147.252:1112 194.212.10.138:80 L=40 S=0x00 I=4358 F=0x4000 T=119 (#1)
vubec nechapu, proc to na ty porty zkousi lezt - nic na nich nebezi..
portsentry tu adresu samozrejme blokne, takze ja ji pak musim zase rucne
povolovat, a uz me to docela stve.
.
|
