[PLUG] (forw) smtp attack from 208.187.215.242

Rich Shepard rshepard at appl-ecosys.com
Tue Jun 25 21:57:33 UTC 2002


On Tue, 25 Jun 2002, Don Buchholz wrote:

> > I had gotten used to seeing virtually nothing but probes to port 1433 -
> > until today. Anyone else getting hammered with smtp probes?
> 
> No -- just the usual stuff.  So far this week ...
> 
>   #probes
>      12     21   # FTP (data)
>       2    111   # SunRPC/portmapper
>       3    139   # NetBIOS
>       3    445   # Microsoft DS ?
>       2    515   # LPD
>       3    666   # .... these came from the same scan as port 445
>       1   1080   # HTTP proxy server
>      66   1433   # MS-SQL
>       1   1524   # ingreslock?

  I'm running floppyfw here with logging sent to my main workstation/server.
All I've ever seen in /var/log/messages are denied ssh attempts. Am I
looking in the wrong log file to see port probes or are they not noted and
logged by floppyfw?

Thanks,

Rich





More information about the PLUG mailing list