[Wylug-help] Firewall Reports

Steve King steve at kingsteve.co.uk
Thu Apr 15 11:41:29 BST 2004


On Thu, 15 Apr 2004, Marc Jennings wrote:

> I am getting email reports from my home firewall telling me that various
> ports are being scanned from a user on the same subnet as me.  The ports
> being scanned (in order or report) are :-
>
> 139, 6129, 1025, 445, 3127, 6129, 139, 135, 139
>
> By the duplication of the ports, I'd assume this is either viral
> activity, or a script being run.  Does anybody know of any script-kiddie
> tools or virii that would produce this scan?  I have reported the user
> to his ISP on each occasion that the attacks take place, but even my
> read receipts don't seem to come back.

Why's that not a shock

>
> I know that port scanning is fairly commonplace these days, and that I
> probably shouldn't worry too much about it, but I would hate to think
> what would happen if my firewall wasn't in place.

Probably nothing, you're a linux user aren't you?

>
> Any thoughts anyone?

Don't worry about it! That's my policy at home.  (At work we don't (yet)
have a public IP address on either of our connections, so our firewall
hardly does anything)

If you want some fun logs just open up port 80 and watch all the ISS
buffer overflow attempts from your fellow ISP users.

Steve




More information about the Wylug-help mailing list