[Sderby] Help with in security please
Mark Challener
mark-challener at whippet89.freeserve.co.uk
Mon Jul 19 01:27:35 BST 2004
Hello,
Mark Challener here. Running Vector 4 (Slackware 9.0). This distro
comes with Psionic Portsentry installed and running.
I've also downloaded gShield, but haven't run it yet. Also running
iptraf, Thunderbird, Firefox, cups and MySQL
I'm a bit short on time to read up on iptables and security as I work,
have two young children and I'm trying to study bioinformatics (BioLinux)
in the evenings, so if you can give me any quick pointers I'd be
seriously grateful.
I've just installed snort and get the following alerts. Should I be
worried about any of them? Particularly the one marked OUTBOUND ?
[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/19-00:28:51.762175 4.29.3.56 -> MYIPADDR
ICMP TTL:114 TOS:0x0 ID:55173 IpLen:20 DgmLen:28
Type:8 Code:0 ID:512 Seq:9614 ECHO
[Xref => http://www.whitehats.com/info/IDS162]
[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/19-00:33:52.885289 218.85.32.185 -> MYIPADDR
ICMP TTL:109 TOS:0x0 ID:5452 IpLen:20 DgmLen:28
Type:8 Code:0 ID:256 Seq:61161 ECHO
[Xref => http://www.whitehats.com/info/IDS162]
[**] [1:2003:6] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
07/19-00:34:17.845584 166.70.3.186:2740 -> MYIPADDR:1434
UDP TTL:113 TOS:0x0 ID:43510 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310]
[**] [1:2004:5] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
07/19-00:34:17.845584 166.70.3.186:2740 -> MYIPADDR:1434
UDP TTL:113 TOS:0x0 ID:43510 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5311][Xref =>
http://www.securityfocus.com/bid/5310]
[**] [1:2050:5] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
07/19-00:34:17.845584 166.70.3.186:2740 -> MYIPADDR:1434
UDP TTL:113 TOS:0x0 ID:43510 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref =>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref =>
http://www.securityfocus.com/bid/5310]
[**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/19-00:48:33.203160 163.1.13.54:80 -> MYIPADDR:32945
TCP TTL:51 TOS:0x0 ID:58329 IpLen:20 DgmLen:649 DF
***AP*** Seq: 0x83E4BB45 Ack: 0x7465F89F Win: 0x6030 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1963851070 621905
[**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/19-00:48:33.578697 163.1.13.54:80 -> MYIPADDR:32945
TCP TTL:51 TOS:0x0 ID:58330 IpLen:20 DgmLen:618 DF
***AP*** Seq: 0x83E4BD9A Ack: 0x7465F9FD Win: 0x6030 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1963851108 621952
[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/19-00:49:09.657746 216.67.204.220 -> MYIPADDR
ICMP TTL:110 TOS:0x0 ID:10878 IpLen:20 DgmLen:28
Type:8 Code:0 ID:768 Seq:4873 ECHO
[Xref => http://www.whitehats.com/info/IDS162]
Thanks for checking,
Mark
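A small triage helper, added here as an example and not part of Mark's post or of Snort itself: it parses alerts in the "full" format quoted above (MYIPADDR stands in for the redacted local address, exactly as in the post), labels each flow as inbound or outbound from the local host's point of view, and explains why a rule named OUTBOUND can fire on a packet whose destination is the local host. The alert text in the block is a constructed subset of the alerts in the post; the verdict strings are heuristics written for this example, not Snort output.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Snort "full" alert format from the post;
# MYIPADDR is the poster's redacted local address. Xref lines are ignored by the parser.
SAMPLE_ALERTS = """\
[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/19-00:28:51.762175 4.29.3.56 -> MYIPADDR
ICMP TTL:114 TOS:0x0 ID:55173 IpLen:20 DgmLen:28
Type:8 Code:0 ID:512 Seq:9614 ECHO
[Xref => http://www.whitehats.com/info/IDS162]
[**] [1:2004:5] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
07/19-00:34:17.845584 166.70.3.186:2740 -> MYIPADDR:1434
UDP TTL:113 TOS:0x0 ID:43510 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649]
[**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/19-00:48:33.203160 163.1.13.54:80 -> MYIPADDR:32945
TCP TTL:51 TOS:0x0 ID:58329 IpLen:20 DgmLen:649 DF
***AP*** Seq: 0x83E4BB45 Ack: 0x7465F89F Win: 0x6030 TcpLen: 32
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
CLASS_RE = re.compile(r"^\[Classification: (.+?)\] \[Priority: (\d+)\]$")
FLOW_RE = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$"
)
PROTO_RE = re.compile(r"^(ICMP|UDP|TCP) TTL:")


def direction(src, dst, local):
    """Classify a flow relative to the monitored host's own address."""
    if src == local and dst != local:
        return "outbound"
    if dst == local:
        return "inbound"
    return "transit"


def parse_alerts(text, local="MYIPADDR"):
    """Split Snort full-format alert text into one dict per alert."""
    records = []
    # Every alert starts with a "[**] [gid:sid:rev]" header; blank lines between
    # alerts are optional, so split on the header itself.
    for block in re.split(r"(?m)^(?=\[\*\*\] \[\d+:\d+:\d+\])", text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines or not (head := HEADER_RE.match(lines[0])):
            continue
        rec = {"gid": int(head.group(1)), "sid": int(head.group(2)),
               "rev": int(head.group(3)), "msg": head.group(4),
               "classification": None, "priority": None, "ts": None,
               "proto": None, "src": None, "sport": None, "dst": None, "dport": None}
        for ln in lines[1:]:
            if (m := CLASS_RE.match(ln)):
                rec["classification"], rec["priority"] = m.group(1), int(m.group(2))
            elif (m := FLOW_RE.match(ln)):
                rec["ts"], rec["src"], rec["dst"] = m.group(1), m.group(2), m.group(4)
                rec["sport"] = int(m.group(3)) if m.group(3) else None
                rec["dport"] = int(m.group(5)) if m.group(5) else None
            elif (m := PROTO_RE.match(ln)):
                rec["proto"] = m.group(1)
        rec["direction"] = direction(rec["src"], rec["dst"], local)
        records.append(rec)
    return records


def triage(rec):
    """Defender's verdict for one alert; the heuristics are written for this example."""
    msg, d = rec["msg"], rec["direction"]
    if "OUTBOUND" in msg and d != "outbound":
        return ("rule is named OUTBOUND but the local host is the destination; the "
                "direction-based rule is misfiring, typically because HOME_NET is left at 'any'")
    if rec["proto"] == "UDP" and rec["dport"] == 1434 and d == "inbound":
        return "inbound Slammer-style probe to 1434/udp; harmless unless something here listens on it"
    if "ICMP PING" in msg and d == "inbound":
        return "inbound ping; reconnaissance only, nothing on this host was touched"
    if "ATTACK-RESPONSES" in msg and rec["sport"] == 80 and d == "inbound":
        return "HTTP 403 reply from a web server to this host's own browser request"
    return "unclassified; review manually"


def summarize(text, local="MYIPADDR"):
    """Count alerts by signature and direction and attach a verdict to each."""
    recs = parse_alerts(text, local)
    return {"by_sid": Counter(r["sid"] for r in recs),
            "by_direction": Counter(r["direction"] for r in recs),
            "verdicts": [(r["sid"], r["msg"], triage(r)) for r in recs]}


if __name__ == "__main__":
    for sid, msg, verdict in summarize(SAMPLE_ALERTS)["verdicts"]:
        print(f"sid {sid:5d} {msg:45s} -> {verdict}")
```

Run against the post's own alerts, the sid 2004 record comes out as inbound: its flow line (166.70.3.186:2740 -> MYIPADDR:1434) is identical to the sid 2003 record, so one incoming packet matched both the inbound and the outbound worm rule. That happens when `var HOME_NET` in snort.conf is still `any`; setting it to the host's own address makes the OUTBOUND rule fire only for traffic the host itself sends. The 1434/udp packets only matter if a listener exists on that port; `netstat -lun` (or `ss -lun` on newer systems) lists UDP listeners, and MySQL on 3306/tcp is not the service those packets target.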