[PLUG] (forw) smtp attack from 208.187.215.242
Rich Shepard
rshepard at appl-ecosys.com
Tue Jun 25 21:57:33 UTC 2002
On Tue, 25 Jun 2002, Don Buchholz wrote:
> > I had gotten used to seeing virtually nothing but probes to port 1433 -
> > until today. Anyone else getting hammered with smtp probes?
>
> No -- just the usual stuff. So far this week ...
>
> #probes
> 12 21 # FTP (data)
> 2 111 # SunRPC/portmapper
> 3 139 # NetBIOS
> 3 445 # Microsoft DS ?
> 2 515 # LPD
> 3 666 # .... these came from the same scan as port 445
> 1 1080 # HTTP proxy server
> 66 1433 # MS-SQL
> 1 1524 # ingreslock?
I'm running floppyfw here with logging sent to my main workstation/server.
All I've ever seen in /var/log/messages are denied ssh attempts. Am I
looking in the wrong log file to see port probes or are they not noted and
logged by floppyfw?
Thanks,
Rich
More information about the PLUG
mailing list