[PLUG] I took a shot this morning

Bruce Kilpatrick bakilpatrick at verizon.net
Fri Sep 29 10:54:30 UTC 2006


Thank you, that's what I needed to know.  It was the first time I had 
seen something like this.  I learned something new.


Bruce

Rich Burroughs wrote:
> Bruce,
> 
> Someone trying to connect to a port is not necessarily evidence of
> wrongdoing. That could happen for innocent reasons, like mistyping an IP
> address.
> 
> Chances are, though, that it was someone scanning for a specific
> vulnerability with a program that tends to run on that port. I'm not
> positive, but I think that number is in the range used for RPC services.
> 
> There are programs that can scan large blocks of IP addresses, and look
> for specific vulnerabilities. If the scan gets some hits, then an attacker
> can try to exploit them later (or the scanning software might even try the
> exploit itself).
> 
> Anyway, it's up to you how serious you want to take this, but I would
> personally not be concerned. There's a lot of this kind of scanning that
> happens. If you are going to file an abuse report every time someone hits
> a port on your firewall, you are probably going to file a lot of reports.
> I would be more concerned about someone who was trying to DoS me, or made
> multiple, more persistent attempts to attack me.
> 
> 
> Rich
> 
> On Thu, September 28, 2006 1:45 pm, Bruce Kilpatrick wrote:
>> Firestarter reported that it blocked a connection at port 41131...in
>> this case the firewall was good!
>>
>> Russell Senior wrote:
>>>>>>>> "Bruce" == Bruce Kilpatrick <bakilpatrick at verizon.net> writes:
>>> Bruce> Hey All, I am with Verizon for my DSL account.  Two days ago my
>>> Bruce> son's Windows box took a shot and his firewall shut everything
>>> Bruce> down [...]
>>>
>>> Can you please define "took a shot"?  To me that expression implies
>>> the rapid consumption of nearly flammable liquids.  And if everything
>>> goes right, there is no need for a firewall in that context (unless
>>> you spill some in the presence of an ignition source).  I am confused.
>>>
>>>
>> _______________________________________________
>> PLUG mailing list
>> PLUG at lists.pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
> 
> 
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
> 



More information about the PLUG mailing list