[Scottish] The yellow peril?

Bruce Cran scottish at mailman.lug.org.uk
Fri Jul 25 10:40:03 2003


--YZ5djTAD1cGYuMQK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jul 24, 2003 at 03:14:48PM +0100, Colin Fraser wrote:
> Thanks Neil, and Paul.
>=20
> Much as I expected, 'tho it's interesting the number of scans I'm getting=
 from=20
> Eastern Europe as well (I might follow up the one from Lerwick, just out =
of=20
> curiousity).
>=20
> Nice to see the firewall seems to be working!
>=20
> By the way, does anyone know any analysis tools I might use to analyse=20
> /var/log/messages to see what's going on? It's a pain trying to check the=
=20
> services and protocol files each time to work it out.
>=20

All the 'scans' to port 135 or 139 are NetBIOS - whether they're misconfigu=
red
Windows boxes automatically scanning for shares or spammers trying to use t=
he
winpopup messaging system isn't clear, but I'm guessing that there's an
awful lot of random NetBIOS traffic out there, since Windows seems to=20
automatically advertise its presence to the internet every few minutes.=20

--
Bruce Cran

--YZ5djTAD1cGYuMQK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE/H/d9n4uvqcJsLfgRAty2AJ4m9iEJ1evEmA10qulHqtJrohniwQCgpnUa
NLhu7dAw6fbnAlCkOqQy6q8=
=a+Wl
-----END PGP SIGNATURE-----

--YZ5djTAD1cGYuMQK--