Date:      Tue, 15 Jun 1999 06:41:05 -0700
From:      "Richard Childers" <rchilders@hamquist.com>
To:        "Matthew Joseff" <mjoseff@retribution.net>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: /var/log/messages
Message-ID:  <376657F1.C34C96A1@hamquist.com>
References:  <Pine.BSF.4.10.9906150917490.14540-100000@retribution.net>


"1) What can I do to avoid this?"

Install tcp_wrappers and configure it to deny connections from this
subnet (if you care).

Alternatively, you might prefer to continue to collect information, the
better to analyze the situation.


"2) Can any *real* damage be done from someone connecting like this?"

Yes, if (a) their intention is malicious, and (b) their attempts to
exploit your system's possible vulnerabilities are successful.
Otherwise, no.


"3) What liabilities does this open the "offending" party's company to?"

What damages have you suffered?

Furthermore, establishing the actual source of the packets can be
problematic; this is where collecting additional information becomes of
use.



-- richard

Richard Childers
Senior UNIX Systems Administrator
Hambrecht & Quist, LLC
(415) 439-3838


Matthew Joseff wrote:
> 
> Found this in my "messages" this morning:
> 
> Jun 15 07:18:51 retribution rshd[19891]: connection from 193.221.47.155 on
> illegal port 1574
> Jun 15 07:18:51 retribution rlogind[19890]: Connection from 193.221.47.155
> on illegal port
> 
> questions:
> 
> 1) What can I do to avoid this?
> 2) Can any *real* damage be done from someone connecting like this?
> 3) What liabilities does this open the "offending" party's company to?
> 
> --
> Matthew Joseff, Sr. Web Developer
> RCN Corp. 703-321-2410
> www.rcn.com NASDAQ: RCNC
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
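
The reply's two suggestions (collect information, then deny with tcp_wrappers) can be combined. The following is an added example, not part of the original message: it parses the "illegal port" entries quoted above and turns repeat sources into hosts_access(5) `daemon_list : client_list` lines. The function names and the threshold are assumptions; rules are emitted per host because the message gives no subnet prefix.

```python
import re
from collections import defaultdict

# Constructed sample: the two quoted entries, unwrapped, plus one unrelated line.
SAMPLE_LOG = """\
Jun 15 07:18:51 retribution rshd[19891]: connection from 193.221.47.155 on illegal port 1574
Jun 15 07:18:51 retribution rlogind[19890]: Connection from 193.221.47.155 on illegal port
Jun 15 07:20:02 retribution ftpd[19900]: constructed unrelated line
"""

# rshd logs the offending source port, rlogind does not, so the port is optional.
ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<daemon>rshd|rlogind)\[\d+\]: "
    r"connection from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) on illegal port(?: (?P<port>\d+))?\s*$",
    re.IGNORECASE,
)

def parse(log_text):
    """Return one dict per 'illegal port' entry, skipping everything else."""
    events = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"]) if ev["port"] else None
            events.append(ev)
    return events

def summarize(events):
    """Group by source address: daemons contacted, entry count, source ports seen."""
    by_src = defaultdict(lambda: {"daemons": set(), "count": 0, "ports": set()})
    for ev in events:
        s = by_src[ev["src"]]
        s["daemons"].add(ev["daemon"])
        s["count"] += 1
        if ev["port"] is not None:
            s["ports"].add(ev["port"])
    return dict(by_src)

def deny_rules(summary, threshold=2):
    """Emit one 'daemon_list : client_list' line per source seen >= threshold times."""
    return [
        f"{', '.join(sorted(s['daemons']))} : {src}"
        for src, s in sorted(summary.items())
        if s["count"] >= threshold
    ]

print("\n".join(deny_rules(summarize(parse(SAMPLE_LOG)))))
```

Entries wrapped across lines, as they are in the e-mail, must be rejoined before parsing; review the generated lines before adding them to the tcp_wrappers access file.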


