On Sat, 28 Apr 2001, Brian Kraman wrote:
> (1) Did anyone else get a scan on Port 31337 from IP
> 1.2.3.4 about 03:26:51CT 4/28/01?
3 probes received from various sources the last week. Not significant in
numbers. But the source sounds spoofed.
> (2) Is there Windows based 98/95 packet sniffers
> that would yield any evidence of the originating IP?
Unlikely. Even hardware sniffers can't trace beyond what's physically
present. And it sounds as if the source address was spoofed.
Have a look at ethereal for windows. (It will fit in you budget ;-)
> (3) Also, has anyone else gotten scanned from the
> elementary school in S. Korea? I believe I saw
> someone write to the list.
Among others. The majority of the probes I get are from hijacked machines.
It seems some media attention would be nice so sysadmins will actually go
about and do something about there machines. Prevent trouble if possible
or else at least remove the intruders and close down these systems.
A rough guess however is that the number of potential victims for worms
may run in the tenth of thousand machines. (unpatched linux machines.)
Hugo.
--
All email send to me is bound to the rules described on my homepage.
hvdkooijat_private http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
This archive was generated by hypermail 2b30 : Sun Apr 29 2001 - 08:35:33 PDT