
[cobalt-users] Scan detection and spam relaying?



I'm looking at my 550's Scan Detection log. My 550 is located in Southern
CA.

61.220.49.186 is Asia Pacific Network Information Centre in Milton, AU.
217.21.114.142 is RIPE Network Coordination Centre in Amsterdam, NL.
Port 137 is a highly exploited netbios-ns TCP/UDP Windows Name Service.
Port 445 is microsoft-ds udp Microsoft-DS.
Port 3481 - don't know about this one.

Questions:
1. Does "!pass (8)" mean they got in?
2. What do "(8)" and "48 syn ! 40 rst (17)" mean?
3. Is there a web resource I can refer to re: these messages?
4. Does the below mean that these guys were able to get into my 550?
5. Is this the probable source of the spam relaying attempts, though my mail
log says "status=deferred" for all the attempted emails out?

Needless to say, I've blocked these 2 particular IPs.

This listserv continues to be a great resource, thnx!
Manny

04/11/03-18:50:31 eth0 Firewall loaded
04/12/03-04:55:31 eth0:portscan: tcp 66.159.211.69/445 -> 61.220.49.186/29751 40 rst (17)
04/12/03-04:55:32 eth0:: udp 66.159.211.69/137 <- 61.220.49.186/137 78 !pass (8)
04/12/03-04:55:33 eth0:: udp 66.159.211.69/137 <- 61.220.49.186/137 78 !pass (8)
04/12/03-04:55:35 eth0:: udp 66.159.211.69/137 <- 61.220.49.186/137 78 !pass (8)
04/12/03-07:10:20 eth0:portscan: tcp 66.159.211.69/3128 -> 217.21.114.142/3481 40 rst (17)
04/12/03-07:10:21 eth0:: tcp 66.159.211.69/3128 <- 217.21.114.142/3481 48 syn !pass (8)