[sclug] Re: External command run for host: using command: "echo \

David Given dg at cowlark.com
Tue Jan 3 22:34:59 UTC 2006


On Saturday 31 December 2005 15:54, Graham wrote:
> 	I dont belive they are being foiled.
> 	I think that the attacker is sucessfully 'pinging' your box.
> 	and checking that they can still cause an address to be blocked.
> 	Denial-Of-Service - checked to be available but not used

According to my /etc/services, UDP port 80 has a name (www), so it could have 
a legitimate use --- but I've never heard of HTTP being transferred over UDP 
before.

Frankly, stray UDP packets to random ports where nobody's listening barely 
count on my threat meter. If they're being chucked out correctly by your 
firewall, I'd be inclined to log 'em and forget 'em --- it's just part of the 
ordinary internet background noise.

-- 
+- David Given --McQ-+ 
|  dg at cowlark.com    | "I have a mind like a steel trap. It's rusty and
| (dg at tao-group.com) | full of dead mice." --- Anonymous, on rasfc
+- www.cowlark.com --+ 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.tmdg.co.uk/pipermail/sclug/attachments/20060103/e340a1c3/attachment.bin


More information about the Sclug mailing list