Neostrada i ataki

Autor: kajan (kajan_at_polbox.com)
Data: Fri 16 Nov 2001 - 17:03:41 MET

Witam!
Zauwazylem, ze po zmianie zasad w nekrostradzie nasilily sie ataki.

Przy okazji. Co mozna zrobic z palantem ktory:

[fragment logu]-------------

#Severity, timestamp (GMT), issueId, issueName, intruderIp, intruderName,
victimIp, victimName, parameters, count
39, 2001-11-16 09:13:36, 2003401, SNMP port probe, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , port=161&reason=Firewalled, 3, A
79, 2001-11-16 09:13:36, 2002003, SNMP backdoor, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , community=admin, 3, A
39, 2001-11-16 09:13:36, 2003004, FTP port probe, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , port=21&reason=Firewalled, 1, A
39, 2001-11-16 09:13:36, 2003006, Telnet port probe, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , port=23&reason=Firewalled, 1, A
39, 2001-11-16 09:13:36, 2003003, SMTP port probe, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , port=25&reason=Firewalled, 1, A
39, 2001-11-16 09:13:36, 2003001, HTTP port probe, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , port=80&reason=Firewalled, 1, A
39, 2001-11-16 09:13:36, 2003002, POP3 port probe, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , port=110&reason=Firewalled, 1, A
39, 2001-11-16 09:13:36, 2003014, MSRPC TCP port probe, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , port=135&reason=Firewalled, 1, A
39, 2001-11-16 09:22:59, 2003009, NetBIOS port probe, 212.76.43.140,
140-moc-4.acn.waw.pl, 217.98.9.188, , port=139&reason=Firewalled, 2, A
[koniec logu]--------------

Napisac gdzies, powiadomic?
Pozdrawiam
kajan

To archiwum zostało wygenerowane przez hypermail 2.1.7 : Wed 19 May 2004 - 17:08:16 MET DST