I would have to agree. If you have DSL/broadband, it seems that you are bound to get these "random" hits. Like Charles said, most are the http IIS virus which you dont need to "worry" about. My PPC linux box gets tons of the http hits which I just ignore, as well as the occasional SSH hits, and anonymous FTP (which anon is turned off). Acutally I am surprise you only got 2 http hits. Usually a few an hour for me. Anyway, just keep tabs on your daily logs. Possibly install log analyis tools. Actually, if you have openssh installed, I believe it installs a neat simple script called: "logcheck.sh" It doesnt do much, but shows failed login attempts etc. Start a crontab and have it email u the results. PS if your running Intel definately keep update to date on patches; or is this no longer true (i.e. asm buffer code etc)? -jeremy no warrently included --- "Brian J. Conway" <bconway@WPI.EDU> wrote:
Looking at my log file from my firewall reveals that not I've got people trying to through my firewall from...
66.189.81.226 (and 246) (http connect attempts) 62.163.126.100 (same domain as yesterday)
How do I track them back to the ISP's and send a message to their abuse@ address?
Someone's trying to ping me from 66.189.24.226 as well.
[dogbert@ladyluck /]$ host 66.189.81.226 226.81.189.66.in-addr.arpa domain name pointer cpe-66-189-81-226.ma.charter.com.[dogbert@ladyluck /]$ host 62.163.126.100 100.126.163.62.in-addr.arpa domain name pointer a126100.upc-a.chello.nl. [dogbert@ladyluck /]$ host 66.189.24.226 226.24.189.66.in-addr.arpa domain name pointer cpe-66-189-24-226.ma.charter.com.
Am I being paranoid or could my isp be trying to crack my firewall to see if I've got any servers running?
Port scanning isn't illegal, I wouldn't be that concerned unless something actually gets broken into, and it doesn't sound like you're in imminent danger of that. There's a lot of noise that's gonna show up in firewall or PortSentry-type logs, especially on cable or DSL IP ranges, I really don't pay it much attention myself. It's your call, of course.
Brian J. Conway bconway@wpi.edu
"LINUX is obsolete" - Andrew S. Tanenbaum, creator of Minix - Jan 29, 1992 _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
__________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/